Cloudsmith - Repositories - Kurrent (eventstore) - kurrent-latest (kurrent-latest) - kurrentdb-rhel8

Package Search Help

You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.

Search by package name:
my-package _(implicit)
name:my-package _(explicit)

Search by package filename:
filename:my-package.ext

Search by package tag:
tag:latest

Search by package version:
version:1.0.0 prerelease:true _{(prereleases)}
prerelease:false _{(no prereleases)}

Search by package architecture:
architecture:x86_64

Search by package distribution:
distribution:el

Search by package license:
license:MIT

Search by package format:
format:deb

Search by package status:
status:in_progress

Search by package file checksum:
checksum:5afba

Search by package security status:
severity:critical

Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000

Search by # of package downloads:
downloads:>8
downloads:<100

Search by package type:
type:binary
type:source

Search by package size (bytes):
size:>50000
size:<10000

Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0

Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"

Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY

Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true

Search by repository:
repository:repo-name

Search by last download date:
last_downloaded:<"30 days ago"
last_downloaded:>"August 14, 2022 EST"

Search queries for all Debian-specific (and related) package types

Search by component:
deb_component:unstable

Search queries for all Maven-specific (and related) package types

Search by group ID:
maven_group_id:org.apache

Search queries for all Docker-specific (and related) package types

Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)

Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)

Search queries for all Generic-specific package types

Search by file path:
generic_filepath:path/to/file.txt

Search by directory:
generic_directory:path/to

Field type modifiers (depending on the type, you can influence behaviour)

For all queries, you can use:
~foo for negation

For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching

For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal

Need a secure and centralised artifact repository to deliver Alpine, Cargo, CocoaPods, Composer, Conan, Conda, CRAN, Dart, Debian, Docker, Generic, Go, Helm, Hex, HuggingFace, LuaRocks, Maven, MCP, npm, NuGet, P2, Python, RedHat, Ruby, Swift, Terraform, Vagrant, VSX, Raw & More packages?

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.

With support for all major package formats, you can trust us to manage your software supply chain.

Start My Free Trial

Set Me Up

Public — eventstore (Kurrent) / kurrent-latest

A certifiably-awesome public package repository curated by Kurrent, hosted by Cloudsmith.

kurrentdb-rhel8 26.0.1

Download

One-liner (summary)

A certifiably-awesome package curated by ryan-b, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by ryan-b, hosted by Cloudsmith.

License

Unknown

Size

210.0 MB

Downloads

Status	Completed
Checksum (MD5)	3e53c1a16f59701141c960b84da8ae7c
Checksum (SHA-1)	d4ce248a9751c49dad8b2a40954a75138008486b
Checksum (SHA-256)	0c06bd1ba46bd1b731b3ae3d95521c53a879cdeb34b827901f41f368a879fa40
Checksum (SHA-512)	bf7821cae733d7340d66755ee1e90b0c7a25c2e728a9a1e3195f196a2775379aba…
GPG Signature	Download
GPG Fingerprint	02a89004460aa252035d6b7d094442d90ad50bcd
Storage Region	Dublin, Ireland
Type	Binary (contains binaries and binary artifacts)
Uploaded At	2 weeks, 5 days ago
Uploaded By
Slug Id	kurrentdb-rhel8-txa5
Unique Id	Lg3KzKUg3XRA
Version (Raw)	26.0.1
Version (Parsed)	Major: 26 Minor: 0 Patch: 1 Type: SemVer (Strict)
Orig Version (Raw)	0c06bd1ba46bd1b731b3ae3d95521c53a879cdeb34b827901f41f368a879fa40
Orig Version (Parsed)	Type: Unknown
	docker-specific metadata
Image Digest	sha256:0c06bd1ba46bd1b731b3ae3d95521c53a879cdeb34b827901f41f368a879fa40
Config Digest	sha256:95cad251b8c8be66a2f596b75f76dab5fd036d78d2301a06ec30218749055926
V1 OCI Index Digest	sha256:de5b15167dddd3368e708b3cdd51a0c13ddabbaaec2abe993a2eb8e6ac22323e
V1 Distribution (Signed) Digest	sha256:a897bde022f7bfb1d54ed38b39f88eefa395ac98b3ee334c4c3cc487528970a5
V2 Distribution List Digest	sha256:ac0449ca0eb6a64fffd413b652a8ba59e754af57329c4a300f59e3f1403ae199
V2 Distribution Digest	sha256:4ec7f7f54328c2954a8a8ea72839fec0212510538e88da3279b06fa6dfdb04cc
V1 Distribution Digest	sha256:b2cbb4545b5572995b68d42b3adc9d1348043a44750fdbd0ebe772a0ebfa56c7
V1 OCI Digest	sha256:0c06bd1ba46bd1b731b3ae3d95521c53a879cdeb34b827901f41f368a879fa40
	extended metadata
Manifest Type	V1 OCI
Architecture	amd64
Config	Entrypoint /bin/kurrentd Env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \| container=oci Exposed Ports 1112/tcp \| 1113/tcp \| 2113/tcp Labels 'version' '26.0.1' Labels 'vcs-ref' '88c11ff07ad8439534243f8f5d279cdcae9c4504' Labels 'vcs-type' 'git' Labels 'vendor' 'Kurrent, Inc' Labels 'architecture' 'x86_64' Labels 'build-date' '2026-05-27T04:57:28Z' Labels 'com.redhat.component' 'ubi8-minimal-container' Labels 'com.redhat.license_terms' 'https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI' Labels 'cpe' 'cpe:/a:redhat:enterprise_linux:8::appstream' Labels 'description' 'A database purpose-built for event sourcing' Labels 'distribution-scope' 'public' Labels 'io.buildah.version' '1.43.1' Labels 'io.k8s.description' 'The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintain' Labels 'io.k8s.display-name' 'Red Hat Universal Base Image 8 Minimal' Labels 'io.openshift.tags' 'minimal rhel8' Labels 'maintainer' 'Kurrent, Inc' Labels 'name' 'kurrentdb' Labels 'org.opencontainers.image.created' '2026-05-27T04:57:28Z' Labels 'org.opencontainers.image.revision' '88c11ff07ad8439534243f8f5d279cdcae9c4504' Labels 'release' '2e35f12a88007a533b2c85f7ac8aebe4-26.0.1' Labels 'summary' 'Event-centric data platform' Labels 'url' 'https://catalog.redhat.com/en/search?searchType=containers' User 65534:65534 Volumes /var/lib/kurrentdb \| /var/log/kurrentdb Working Dir /
Created	2026-05-28 22:16:59 UTC
Os	linux

Newer	kurrentdb-rhel8 26.1.0	image amd64 linux 212.6 MB — 1 week, 6 days ago	3
Newer	kurrentdb-rhel8 26.0.3	image amd64 linux 210.9 MB — 1 week, 6 days ago	3
Newer	kurrentdb-rhel8 26.0.2	image amd64 linux 210.1 MB — 2 weeks ago	4
	kurrentdb-rhel8 26.0.1	image amd64 linux 210.0 MB — 2 weeks, 5 days ago	5
Older	kurrentdb-rhel8 26.0.0	image amd64 linux 209.9 MB — 2 weeks, 5 days ago	5
Older	kurrentdb-rhel8 25.1.4	image amd64 linux 196.0 MB — 2 weeks, 5 days ago	15
Older	kurrentdb-rhel8 25.1.3	image amd64 linux 196.1 MB — 2 weeks, 5 days ago	11

Last scanned

2 weeks, 5 days ago

Scan result

Vulnerable

Vulnerability count

142

Max. severity

High

Target:	Lg3KzKUg3XRA.sbom-cyclonedx.json (redhat 8.10)
MEDIUM	CVE-2025-5278: A flaw was found in GNU Coreutils. The sort utility's begfield() funct ... A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. Package Name: coreutils-single Installed Version: 8.30-17.el8_10 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugzilla.redhat.com cgit.git.savannah.gnu.org cgit.git.savannah.gnu.org debbugs.gnu.org security-tracker.debian.org
MEDIUM	CVE-2025-13034: curl: Public key pinning bypass via QUIC and GnuTLS allows server impersonation When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: access.redhat.com curl.se curl.se github.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2025-14017: curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2026-1965: curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates connections and not requests, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API). Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: access.redhat.com curl.se curl.se nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2026-3783: curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2026-3784: curl: curl: Unauthorized access due to improper HTTP proxy connection reuse curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2026-3805: curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-4873: curl: curl: Information disclosure due to incorrect TLS connection reuse A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-5545: curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1... Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-5773: curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-6253: curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-6429: curl: libcurl: Credential leak via reused proxy connection during HTTP redirects When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-7168: curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with Digest authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2019-8905: file: stack-based buffer over-read in do_core_note in readelf.c do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. Package Name: file-libs Installed Version: 5.33-27.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com bugs.astron.com lists.debian.org nvd.nist.gov ubuntu.com usn.ubuntu.com www.cve.org
MEDIUM	CVE-2026-1484: Glib: Integer Overflow Leading to Buffer Underflow and Out-of-Bounds Write in GLib g_base64_encode() A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably. Package Name: glib2 Installed Version: 2.56.4-169.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.gnome.org nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-1489: Glib: GLib: Memory corruption via integer overflow in Unicode case conversion A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable. Package Name: glib2 Installed Version: 2.56.4-169.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.gnome.org nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer. Package Name: glibc Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
MEDIUM	CVE-2026-5435: glibc: glibc: Out-of-bounds write via TSIG record processing The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records. Package Name: glibc Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com inbox.sourceware.org nvd.nist.gov sourceware.org www.cve.org
MEDIUM	CVE-2026-5450: glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow. Package Name: glibc Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com inbox.sourceware.org nvd.nist.gov nvd.nist.gov sourceware.org www.cve.org
MEDIUM	CVE-2026-5928: glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets. Package Name: glibc Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org www.cve.org
MEDIUM	CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer. Package Name: glibc-common Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
MEDIUM	CVE-2026-5435: glibc: glibc: Out-of-bounds write via TSIG record processing The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records. Package Name: glibc-common Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com inbox.sourceware.org nvd.nist.gov sourceware.org www.cve.org
MEDIUM	CVE-2026-5450: glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow. Package Name: glibc-common Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com inbox.sourceware.org nvd.nist.gov nvd.nist.gov sourceware.org www.cve.org
MEDIUM	CVE-2026-5928: glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets. Package Name: glibc-common Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org www.cve.org
MEDIUM	CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer. Package Name: glibc-minimal-langpack Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
MEDIUM	CVE-2026-5435: glibc: glibc: Out-of-bounds write via TSIG record processing The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records. Package Name: glibc-minimal-langpack Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com inbox.sourceware.org nvd.nist.gov sourceware.org www.cve.org
MEDIUM	CVE-2026-5450: glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow. Package Name: glibc-minimal-langpack Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com inbox.sourceware.org nvd.nist.gov nvd.nist.gov sourceware.org www.cve.org
MEDIUM	CVE-2026-5928: glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets. Package Name: glibc-minimal-langpack Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org www.cve.org
MEDIUM	CVE-2025-68972: In GnuPG through 2.4.8, if a signed message has \f at the end of a pla ... In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line. Package Name: gnupg2 Installed Version: 2.2.20-4.el8_10 Fixed Version: References: github.com gpg.fail media.ccc.de news.ycombinator.com nvd.nist.gov
MEDIUM	CVE-2024-57970: ELSA-2025-7510: libarchive security update (MODERATE) libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname. Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: bugzilla.redhat.com cve.mitre.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov
MEDIUM	CVE-2025-25724: list_item_verbose in tar/util.c in libarchive through 3.7.7 does not c ... list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org gist.github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2025-60753: An issue was discovered in libarchive bsdtar before version 3.8.1 in f ... An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: github.com github.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-4426: libarchive: libarchive: Denial of Service via malformed ISO file processing A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition. Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com github.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-5745: libarchive: A NULL pointer dereference vulnerability exists in the ACL parser of libarchive A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS). Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devices util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4. Package Name: libblkid Installed Version: 2.32.1-48.el8_10 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-13034: curl: Public key pinning bypass via QUIC and GnuTLS allows server impersonation When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: access.redhat.com curl.se curl.se github.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2025-14017: curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2026-1965: curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion must first be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates connections and not requests, contrary to how HTTP is designed to work. An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1... The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`. Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`, `CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API). Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: access.redhat.com curl.se curl.se nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2026-3783: curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2026-3784: curl: curl: Unauthorized access due to improper HTTP proxy connection reuse curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2026-3805: curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-4873: curl: curl: Information disclosure due to incorrect TLS connection reuse A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-5545: curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1... Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-5773: curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-6253: curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-6429: curl: libcurl: Credential leak via reused proxy connection during HTTP redirects When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-7168: curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with Digest authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2019-12904: Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack Package Name: libgcrypt Installed Version: 1.8.5-7.el8_6 Fixed Version: References: lists.opensuse.org access.redhat.com dev.gnupg.org github.com github.com lists.apache.org lists.gnupg.org nvd.nist.gov people.canonical.com www.cve.org
MEDIUM	CVE-2024-2236: A timing-based side-channel flaw was found in libgcrypt's RSA implemen ... A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. Package Name: libgcrypt Installed Version: 1.8.5-7.el8_6 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org dev.gnupg.org errata.almalinux.org errata.rockylinux.org github.com gitlab.com linux.oracle.com linux.oracle.com lists.gnupg.org www.cve.org
MEDIUM	CVE-2026-41989: Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt. Package Name: libgcrypt Installed Version: 1.8.5-7.el8_6 Fixed Version: References: access.redhat.com dev.gnupg.org github.com lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2025-5222: A stack buffer overflow was found in Internationl components for unico ... A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. Package Name: libicu Installed Version: 60.3-2.el8_1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov unicode-org.atlassian.net www.cve.org
MEDIUM	CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devices util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4. Package Name: libmount Installed Version: 2.32.1-48.el8_10 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devices util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4. Package Name: libsmartcols Installed Version: 2.32.1-48.el8_10 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2026-48864: libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service. Package Name: libsolv Installed Version: 0.7.20-6.el8 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2026-9149: libsolv: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could exploit this to cause a denial of service (DoS). Package Name: libsolv Installed Version: 0.7.20-6.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2026-9150: libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA512 checksum tags, leading to memory corruption and a denial of service (DoS) in the affected system. Package Name: libsolv Installed Version: 0.7.20-6.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-5351: A flaw was found in the key export functionality of libssh. The issue ... A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed. Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com www.cve.org www.libssh.org
MEDIUM	CVE-2025-8114: A flaw was found in libssh, a library that implements the SSH protocol ... A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com www.cve.org www.libssh.org
MEDIUM	CVE-2026-0964: libssh: Improper sanitation of paths received from SCP servers A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111. Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org www.libssh.org
MEDIUM	CVE-2026-0966: libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa() A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process. Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org www.libssh.org
MEDIUM	CVE-2026-3731: libssh: libssh: Denial of Service via out-of-bounds read in SFTP extension name handler A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component. Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com gitlab.com nvd.nist.gov ubuntu.com vuldb.com vuldb.com vuldb.com www.cve.org www.libssh.org www.libssh.org
MEDIUM	CVE-2025-5351: A flaw was found in the key export functionality of libssh. The issue ... A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed. Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com www.cve.org www.libssh.org
MEDIUM	CVE-2025-8114: A flaw was found in libssh, a library that implements the SSH protocol ... A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com www.cve.org www.libssh.org
MEDIUM	CVE-2026-0964: libssh: Improper sanitation of paths received from SCP servers A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111. Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org www.libssh.org
MEDIUM	CVE-2026-0966: libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa() A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process. Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org www.libssh.org
MEDIUM	CVE-2026-3731: libssh: libssh: Denial of Service via out-of-bounds read in SFTP extension name handler A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component. Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com gitlab.com nvd.nist.gov ubuntu.com vuldb.com vuldb.com vuldb.com www.cve.org www.libssh.org www.libssh.org
MEDIUM	CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devices util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4. Package Name: libuuid Installed Version: 2.32.1-48.el8_10 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2026-0990: libxml2: libxml2: Denial of Service via uncontrolled recursion in XML catalog processing A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications. Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com gitlab.gnome.org nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2026-1757: libxml2: Memory Leak Leading to Local Denial of Service in xmllint Interactive Shell A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system. Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com gitlab.gnome.org nvd.nist.gov www.cve.org
MEDIUM	CVE-2026-6732: libxml2: libxml2: Denial of Service via crafted XSD-validated document A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable. Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com gitlab.gnome.org gitlab.gnome.org nvd.nist.gov www.cve.org
MEDIUM	CVE-2022-4899: zstd: mysql: buffer overrun in util.c A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. Package Name: libzstd Installed Version: 1.4.4-1.el8 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com www.cve.org
MEDIUM	CVE-2026-22185: OpenLDAP: OpenLDAP LMDB: Denial of Service and Information Disclosure via Heap Buffer Underflow OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition. Package Name: openldap Installed Version: 2.4.46-21.el8_10 Fixed Version: References: access.redhat.com bugs.openldap.org nvd.nist.gov seclists.org seclists.org www.cve.org www.openldap.org www.vulncheck.com
MEDIUM	CVE-2023-0466: openssl: Certificate policy check not enabled The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org github.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.cve.org www.debian.org www.openssl.org
MEDIUM	CVE-2026-28390: openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com cert-portal.siemens.com cert-portal.siemens.com github.com github.com github.com github.com github.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2026-44604: rpm: Command injection in rpmuncompress doUntar() via unescaped archive top-level directory name in popen() shell command A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction. Package Name: rpm Installed Version: 4.14.3-32.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2026-44604: rpm: Command injection in rpmuncompress doUntar() via unescaped archive top-level directory name in popen() shell command A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction. Package Name: rpm-libs Installed Version: 4.14.3-32.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2018-20839: systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled. Package Name: systemd-libs Installed Version: 239-82.el8_10.16 Fixed Version: References: www.securityfocus.com access.redhat.com bugs.launchpad.net github.com github.com lists.apache.org nvd.nist.gov security.netapp.com www.cve.org
MEDIUM	CVE-2025-4598: A vulnerability was found in systemd-coredump. This flaw allows an att ... A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality. Package Name: systemd-libs Installed Version: 239-82.el8_10.16 Fixed Version: References: seclists.org www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com blogs.oracle.com bugzilla.redhat.com bugzilla.redhat.com cert-portal.siemens.com ciq.com cve.mitre.org errata.almalinux.org errata.rockylinux.org git.kernel.org github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org www.openwall.com www.openwall.com www.qualys.com
MEDIUM	CVE-2026-29111: systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available. Package Name: systemd-libs Installed Version: 239-82.el8_10.16 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2026-4105: systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system. Package Name: systemd-libs Installed Version: 239-82.el8_10.16 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com github.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2026-34743: xz: XZ Utils: Denial of Service via buffer overflow in index decoding XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3. Package Name: xz-libs Installed Version: 5.2.4-4.el8_6 Fixed Version: References: www.openwall.com access.redhat.com github.com github.com github.com nvd.nist.gov tukaani.org www.cve.org
LOW	CVE-2023-27534: curl: SFTP path ~ resolving discrepancy A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se errata.almalinux.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-11053: When asked to both use a `.netrc` file for credentials and to follow H ... When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se curl.se cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-7264: libcurl's ASN1 parser code has the `GTime2str()` function, used for pa ... libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se curl.se cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-14524: curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2025-15079: curl: Host verification bypass during SSH transfers When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-15224: curl: libssh key passphrase bypass without agent set When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2026-6276: curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them. Package Name: curl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2024-25260: elfutils v0.189 was discovered to contain a NULL pointer dereference v ... elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. Package Name: elfutils-libelf Installed Version: 0.190-2.el8 Fixed Version: References: github.com nvd.nist.gov sourceware.org sourceware.org ubuntu.com www.cve.org
LOW	CVE-2019-8906: file: out-of-bounds read in do_core_note in readelf.c do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Package Name: file-libs Installed Version: 5.33-27.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org access.redhat.com bugs.astron.com github.com nvd.nist.gov support.apple.com support.apple.com support.apple.com support.apple.com ubuntu.com usn.ubuntu.com www.cve.org
LOW	CVE-2023-4156: gawk: heap out of bound read in builtin.c A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. Package Name: gawk Installed Version: 4.2.1-4.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com git.savannah.gnu.org mail.gnu.org mail.gnu.org nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2023-29499: glib: GVariant offset table entry size is not checked in is_normal() A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. Package Name: glib2 Installed Version: 2.56.4-169.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2023-32611: glib: g_variant_byteswap() can take a long time with some non-normal inputs A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. Package Name: glib2 Installed Version: 2.56.4-169.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2023-32636: glib: Timeout in fuzz_variant_text A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. Package Name: glib2 Installed Version: 2.56.4-169.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com discourse.gnome.org errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2023-32665: glib: GVariant deserialisation does not match spec for non-normal data A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. Package Name: glib2 Installed Version: 2.56.4-169.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-3360: A flaw was found in GLib. An integer overflow and buffer under-read oc ... A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. Package Name: glib2 Installed Version: 2.56.4-169.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com lists.debian.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-7039: A flaw was found in glib. An integer overflow during temporary file cr ... A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations. Package Name: glib2 Installed Version: 2.56.4-169.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2026-0988: glib: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek() A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS). Package Name: glib2 Installed Version: 2.56.4-169.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com gitlab.gnome.org nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2026-1485: Glib: Glib: Local denial of service via buffer underflow in content type parsing A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability. Package Name: glib2 Installed Version: 2.56.4-169.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.gnome.org nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2026-4438: glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. Package Name: glibc Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
LOW	CVE-2026-4438: glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. Package Name: glibc-common Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
LOW	CVE-2026-4438: glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. Package Name: glibc-minimal-langpack Installed Version: 2.28-251.el8_10.37 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
LOW	CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. Package Name: gnupg2 Installed Version: 2.2.20-4.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2025-30258: In GnuPG before 2.5.5, if a user chooses to import a certificate with ... In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." Package Name: gnupg2 Installed Version: 2.2.20-4.el8_10 Fixed Version: References: dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2026-24883: GnuPG: GnuPG: Denial of service due to specially crafted signature packet In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash). Package Name: gnupg2 Installed Version: 2.2.20-4.el8_10 Fixed Version: References: access.redhat.com dev.gnupg.org github.com nvd.nist.gov www.cve.org www.openwall.com
LOW	CVE-2021-4209: GnuTLS: Null pointer dereference in MD_UPDATE A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Package Name: gnutls Installed Version: 3.6.16-8.el8_10.6 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.com gitlab.com gitlab.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2026-3832: gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust. Package Name: gnutls Installed Version: 3.6.16-8.el8_10.6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com gitlab.com nvd.nist.gov ubuntu.com www.cve.org www.gnutls.org
LOW	CVE-2018-1000879: libarchive: NULL pointer dereference in ACL parser resulting in a denial of service libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: lists.opensuse.org www.securityfocus.com access.redhat.com bugs.launchpad.net github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov www.cve.org
LOW	CVE-2018-1000880: libarchive: Improper input validation in WARC parser resulting in a denial of service libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: lists.opensuse.org www.securityfocus.com access.redhat.com bugs.launchpad.net github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com usn.ubuntu.com www.cve.org www.debian.org
LOW	CVE-2025-1632: A vulnerability was found in libarchive up to 3.7.7. It has been class ... A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: github.com nvd.nist.gov ubuntu.com vuldb.com vuldb.com vuldb.com www.cve.org
LOW	CVE-2025-5915: A vulnerability has been identified in the libarchive library. This fl ... A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions. Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com github.com nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2025-5916: A vulnerability has been identified in the libarchive library. This fl ... A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0. Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com github.com github.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-5917: A vulnerability has been identified in the libarchive library. This fl ... A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0. Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com github.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-5918: A vulnerability has been identified in the libarchive library. This fl ... A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition. Package Name: libarchive Installed Version: 3.3.3-7.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com github.com nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2023-27534: curl: SFTP path ~ resolving discrepancy A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se errata.almalinux.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-11053: When asked to both use a `.netrc` file for credentials and to follow H ... When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se curl.se cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-7264: libcurl's ASN1 parser code has the `GTime2str()` function, used for pa ... libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se curl.se cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-14524: curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2025-15079: curl: Host verification bypass during SSH transfers When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-15224: curl: libssh key passphrase bypass without agent set When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2026-6276: curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them. Package Name: libcurl Installed Version: 7.61.1-34.el8_10.11 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2018-20657: libiberty: Memory leak in demangle_template function resulting in a denial of service The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. Package Name: libgcc Installed Version: 8.5.0-28.el8_10 Fixed Version: References: www.securityfocus.com access.redhat.com access.redhat.com gcc.gnu.org linux.oracle.com linux.oracle.com nvd.nist.gov support.f5.com www.cve.org
LOW	CVE-2019-14250: binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. Package Name: libgcc Installed Version: 8.5.0-28.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com gcc.gnu.org gcc.gnu.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com www.cve.org
LOW	CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Package Name: libgcc Installed Version: 8.5.0-28.el8_10 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org
LOW	CVE-2026-41990: Libgcrypt: Libgcrypt: Denial of Service or data integrity issues from missing bounds check during Dilithium signing. Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data. Package Name: libgcrypt Installed Version: 1.8.5-7.el8_6 Fixed Version: References: access.redhat.com dev.gnupg.org github.com lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org www.openwall.com
LOW	CVE-2025-4878: A vulnerability was found in libssh, where an uninitialized variable e ... A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption. Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org
LOW	CVE-2025-8277: A flaw was found in libssh's handling of key exchange (KEX) processes ... A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability. Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org
LOW	CVE-2026-0965: libssh: libssh: Denial of Service via improper configuration file handling A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations. Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org
LOW	CVE-2026-0967: libssh: libssh: Denial of Service via inefficient regular expression processing A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client. Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org www.libssh.org
LOW	CVE-2026-0968: libssh: libssh: Denial of Service due to malformed SFTP message A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes. Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org www.libssh.org
LOW	CVE-2025-4878: A vulnerability was found in libssh, where an uninitialized variable e ... A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption. Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org
LOW	CVE-2025-8277: A flaw was found in libssh's handling of key exchange (KEX) processes ... A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability. Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org
LOW	CVE-2026-0965: libssh: libssh: Denial of Service via improper configuration file handling A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations. Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org
LOW	CVE-2026-0967: libssh: libssh: Denial of Service via inefficient regular expression processing A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client. Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org www.libssh.org
LOW	CVE-2026-0968: libssh: libssh: Denial of Service due to malformed SFTP message A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes. Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org www.libssh.org
LOW	CVE-2018-20657: libiberty: Memory leak in demangle_template function resulting in a denial of service The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. Package Name: libstdc++ Installed Version: 8.5.0-28.el8_10 Fixed Version: References: www.securityfocus.com access.redhat.com access.redhat.com gcc.gnu.org linux.oracle.com linux.oracle.com nvd.nist.gov support.f5.com www.cve.org
LOW	CVE-2019-14250: binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. Package Name: libstdc++ Installed Version: 8.5.0-28.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com gcc.gnu.org gcc.gnu.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com www.cve.org
LOW	CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Package Name: libstdc++ Installed Version: 8.5.0-28.el8_10 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org
LOW	CVE-2018-1000654: libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. Package Name: libtasn1 Installed Version: 4.13-5.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com gitlab.com lists.apache.org nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2025-13151: libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string. Package Name: libtasn1 Installed Version: 4.13-5.el8_10 Fixed Version: References: www.openwall.com access.redhat.com gitlab.com gitlab.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.kb.cert.org
LOW	CVE-2023-45322: libxml2: use-after-free in xmlUnlinkNode() in tree.c libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.4 Fixed Version: References: www.openwall.com access.redhat.com gitlab.gnome.org gitlab.gnome.org lists.debian.org nvd.nist.gov www.cve.org
LOW	CVE-2024-34459: An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2. ... An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.4 Fixed Version: References: gitlab.gnome.org gitlab.gnome.org gitlab.gnome.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-27113: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer der ... libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.4 Fixed Version: References: seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org gitlab.gnome.org lists.debian.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org www.openwall.com
LOW	CVE-2025-6170: A flaw was found in the interactive shell of the xmllint command-line ... A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com gitlab.gnome.org lists.debian.org nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2026-0989: libxml2: Unbounded RelaxNG Include Recursion Leading to Stack Overflow A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk. Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com gitlab.gnome.org gitlab.gnome.org nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2026-0992: libxml2: libxml2: Denial of Service via crafted XML catalogs A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition. Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com gitlab.gnome.org nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2021-24032: zstd: Race condition allows attacker to access world-readable destination file Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. Package Name: libzstd Installed Version: 1.4.4-1.el8 Fixed Version: References: access.redhat.com bugs.debian.org github.com github.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.facebook.com
LOW	CVE-2018-19211: ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `' in name or alias field" detection. Package Name:* ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2020-19185: ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2020-19186: ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2020-19187: ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2020-19188: ncurses: Stack buffer overflow in fmt_entry function in progs/dump_entry.c:1116 Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2020-19189: ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997 Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com lists.debian.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com www.cve.org
LOW	CVE-2020-19190: ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry() NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2018-19211: ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `' in name or alias field" detection. Package Name:* ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2020-19185: ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373 Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2020-19186: ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66 Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2020-19187: ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100 Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2020-19188: ncurses: Stack buffer overflow in fmt_entry function in progs/dump_entry.c:1116 Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2020-19189: ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997 Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com lists.debian.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com www.cve.org
LOW	CVE-2020-19190: ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70 Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry() NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2023-0464: openssl: Denial of service by excessive resource usage in verifying X509 policy constraints A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org github.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com security.netapp.com security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.couchbase.com www.couchbase.com www.cve.org www.debian.org www.openssl.org
LOW	CVE-2023-0465: openssl: Invalid certificate policies in leaf certificates are silently ignored Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org github.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.cve.org www.debian.org www.openssl.org
LOW	CVE-2023-2650: openssl: Possible DoS translating ASN.1 object identifiers Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low. Package Name:* openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org github.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov psirt.global.sonicwall.com security.gentoo.org security.netapp.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.cve.org www.debian.org www.openssl.org
LOW	CVE-2024-0727: Issue summary: Processing a maliciously formatted PKCS12 file may lead ... Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com github.com github.com github.openssl.org github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org nvd.nist.gov security.netapp.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.cve.org www.openssl.org
LOW	CVE-2024-13176: Issue summary: A timing side-channel which could potentially allow rec ... Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com github.openssl.org github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov openssl-library.org security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2024-2511: Issue summary: Some non-default TLS server configurations can cause un ... Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org nvd.nist.gov security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openssl.org
LOW	CVE-2024-41996 Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com dheatattack.gitlab.io dheatattack.gitlab.io gist.github.com
LOW	CVE-2024-4741: Issue summary: Calling the OpenSSL API function SSL_free_buffers may c ... Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org nvd.nist.gov security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openssl.org
LOW	CVE-2025-15468: openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com www.cve.org
LOW	CVE-2025-15469: openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated. When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath. The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected. The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary. OpenSSL 3.5 and 3.6 are vulnerable to this issue. OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com www.cve.org
LOW	CVE-2025-68160: openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cert-portal.siemens.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-69418: openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cert-portal.siemens.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-69420: openssl: OpenSSL: Denial of Service via malformed TimeStamp Response Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cert-portal.siemens.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-69421: openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cert-portal.siemens.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2026-22795: openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cert-portal.siemens.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2026-22796: openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cert-portal.siemens.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2026-28387: openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com cert-portal.siemens.com cert-portal.siemens.com github.com github.com github.com github.com github.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org www.openwall.com
LOW	CVE-2026-28388: openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com cert-portal.siemens.com cert-portal.siemens.com github.com github.com github.com github.com github.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org www.openwall.com
LOW	CVE-2026-28389: openssl: OpenSSL: Denial of Service vulnerability in CMS processing Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com cert-portal.siemens.com cert-portal.siemens.com github.com github.com github.com github.com github.com github.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org www.openwall.com
LOW	CVE-2026-31789: openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com cert-portal.siemens.com github.com github.com github.com github.com github.com github.com nvd.nist.gov openssl-library.org ubuntu.com www.cve.org www.openwall.com
LOW	CVE-2022-41409: pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. Package Name: pcre2 Installed Version: 10.32-3.el8_6 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org
LOW	CVE-2019-19244: sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: access.redhat.com cert-portal.siemens.com github.com nvd.nist.gov ubuntu.com usn.ubuntu.com www.cve.org www.oracle.com
LOW	CVE-2019-9936: sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: lists.opensuse.org www.securityfocus.com access.redhat.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com sqlite.org ubuntu.com usn.ubuntu.com www.cve.org www.mail-archive.com www.mail-archive.com www.mail-archive.com www.mail-archive.com www.oracle.com www.oracle.com
LOW	CVE-2019-9937: sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: lists.opensuse.org www.securityfocus.com access.redhat.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com sqlite.org ubuntu.com usn.ubuntu.com www.cve.org www.mail-archive.com www.mail-archive.com www.mail-archive.com www.mail-archive.com www.oracle.com www.oracle.com
LOW	CVE-2024-0232: sqlite: use-after-free bug in jsonParseAddNodeArray A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com lists.fedoraproject.org nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2025-70873: sqlite: SQLite: Information Disclosure via Crafted ZIP File An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file. Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: access.redhat.com gist.github.com nvd.nist.gov sqlite.org sqlite.org www.cve.org
LOW	CVE-2021-3997: systemd: Uncontrolled recursion in systemd-tmpfiles when removing files A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. Package Name: systemd-libs Installed Version: 239-82.el8_10.16 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com nvd.nist.gov security.gentoo.org ubuntu.com www.cve.org www.openwall.com
LOW	CVE-2026-27171: zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. Package Name: zlib Installed Version: 1.2.11-25.el8 Fixed Version: References: 7asecurity.com 7asecurity.com 7asecurity.com access.redhat.com github.com github.com github.com nvd.nist.gov ostif.org ostif.org www.cve.org
Target:	usr/share/kurrentdb/KurrentDB.deps.json
HIGH	CVE-2026-44302: Snappier has an infinite loop during SnappyStream decompression with malformed framed input Snappier is a high performance C# implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-format Snappy stream as small as 15 bytes. This vulnerability is fixed in 1.3.1. Package Name: Snappier Installed Version: 1.0.0 Fixed Version: 1.3.1 References: github.com github.com nvd.nist.gov
MEDIUM	CVE-2026-40894: OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service (DoS) in the consuming application. This vulnerability is fixed in 1.15.3. Package Name: OpenTelemetry.Api Installed Version: 1.13.0 Fixed Version: 1.15.3 References: github.com github.com github.com github.com github.com github.com github.com github.com github.com nvd.nist.gov
MEDIUM	CVE-2026-42191: OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath() when OTEL_DOTNET_EXPERIMENTAL_OTLP_RETRY=disk was set but OTEL_DOTNET_EXPERIMENTAL_OTLP_DISK_RETRY_DIRECTORY_PATH was not configured. The exporter stored and loaded .blob files under fixed, signal-named subdirectories (traces, metrics, logs) beneath that shared temporary root path. On multi-user systems where the temporary directory is accessible to other local accounts, this allows an attacker to write crafted .blob files, read .blob files written by the application between export failures, or deposit numerous or oversized blob files, degrading retry-loop performance or consuming disk space. This vulnerability is fixed in 1.15.3. Package Name:* OpenTelemetry.Exporter.OpenTelemetryProtocol Installed Version: 1.13.0 Fixed Version: 1.15.3 References: github.com github.com github.com github.com nvd.nist.gov
MEDIUM	CVE-2026-44788: SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant) SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target filesystem subject to the permissions of the running process. Package Name: SharpCompress Installed Version: 0.30.1 Fixed Version: References: github.com github.com

Package statistics are no longer available on cloudsmith.io. Please visit our new web app to access this feature.

You can embed a badge in another website that shows this or the latest version of this package.

To embed the badge for this specific package version, use the following:

[![This version of 'kurrentdb-rhel8' @ Cloudsmith](https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-rhel8/26.0.1/a=amd64;xpo=linux/?render=true)](https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-rhel8/0c06bd1ba46bd1b731b3ae3d95521c53a879cdeb34b827901f41f368a879fa40/a=amd64;xpo=linux/)

|This version of 'kurrentdb-rhel8' @ Cloudsmith|
.. |This version of 'kurrentdb-rhel8' @ Cloudsmith| image:: https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-rhel8/26.0.1/a=amd64;xpo=linux/?render=true
   :target: https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-rhel8/0c06bd1ba46bd1b731b3ae3d95521c53a879cdeb34b827901f41f368a879fa40/a=amd64;xpo=linux/

image::https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-rhel8/26.0.1/a=amd64;xpo=linux/?render=true[link="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-rhel8/0c06bd1ba46bd1b731b3ae3d95521c53a879cdeb34b827901f41f368a879fa40/a=amd64;xpo=linux/",title="This version of 'kurrentdb-rhel8' @ Cloudsmith"]

<a href="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-rhel8/0c06bd1ba46bd1b731b3ae3d95521c53a879cdeb34b827901f41f368a879fa40/a=amd64;xpo=linux/"><img src="https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-rhel8/26.0.1/a=amd64;xpo=linux/?render=true" alt="This version of 'kurrentdb-rhel8' @ Cloudsmith" /></a>

rendered as:

To embed the badge for the latest package version, use the following:

[![Latest version of 'kurrentdb-rhel8' @ Cloudsmith](https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-rhel8/latest/a=amd64;xpo=linux/?render=true&show_latest=true)](https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-rhel8/latest/a=amd64;xpo=linux/)

|Latest version of 'kurrentdb-rhel8' @ Cloudsmith|
.. |Latest version of 'kurrentdb-rhel8' @ Cloudsmith| image:: https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-rhel8/latest/a=amd64;xpo=linux/?render=true&show_latest=true
   :target: https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-rhel8/latest/a=amd64;xpo=linux/

image::https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-rhel8/latest/a=amd64;xpo=linux/?render=true&show_latest=true[link="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-rhel8/latest/a=amd64;xpo=linux/",title="Latest version of 'kurrentdb-rhel8' @ Cloudsmith"]

<a href="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb-rhel8/latest/a=amd64;xpo=linux/"><img src="https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb-rhel8/latest/a=amd64;xpo=linux/?render=true&show_latest=true" alt="Latest version of 'kurrentdb-rhel8' @ Cloudsmith" /></a>

rendered as:

These instructions assume you have setup the repository first (or read it).

To pull kurrentdb-rhel8 @ reference/tag 26.0.1:

docker pull docker.eventstore.com/kurrent-latest/kurrentdb-rhel8:26.0.1

You can also pull the latest version of this image (if it exists):

docker pull docker.eventstore.com/kurrent-latest/kurrentdb-rhel8:latest

To refer to this image after pulling in a Dockerfile, specify the following:

FROM docker.eventstore.com/kurrent-latest/kurrentdb-rhel8:26.0.1

Still stuck? Need help? Don't panic. Just contact us for help (even if you're not a customer).

Previous Version: 26.0.0

Next Version: 26.0.2

	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL maintainer="Red Hat, Inc."	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL vendor="Red Hat, Inc."	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL url="https://catalog.redhat.com/en/search?searchType=containers"	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL com.redhat.component="ubi8-minimal-container" name="ubi8/ubi-minimal" version="8.10" cpe="cpe:/a:redhat:enterprise_linux:8::appstream" distribution-scope="public"	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL summary="Provides the latest release of the minimal Red Hat Universal Base Image 8."	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL description="The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly."	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL io.k8s.description="The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly."	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL io.k8s.display-name="Red Hat Universal Base Image 8 Minimal"	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL io.openshift.expose-services=""	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL io.openshift.tags="minimal rhel8"	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) ENV container oci	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) COPY dir:47a02fcc44443140dd8b8b611afe808da44b857632b10c1670a829e41b0a8cb1 in /	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) COPY file:67f65df33ff6c09984969b192c50b78072a88c5655e380e734315d0229c75aa1 in /etc/yum.repos.d/.	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) CMD ["/bin/bash"]	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) COPY file:3ab5c2f18f7b2afc9a63033cf6d7fedd5acc6eb94e3217a2863e790bced26b9d in /usr/share/buildinfo/content-sets.json	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) COPY file:3ab5c2f18f7b2afc9a63033cf6d7fedd5acc6eb94e3217a2863e790bced26b9d in /root/buildinfo/content_manifests/content-sets.json	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) COPY file:ecb07684e7240590e20d72d5f0114e129fb109f44667165623f428b294283b35 in /usr/share/buildinfo/labels.json	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) COPY file:ecb07684e7240590e20d72d5f0114e129fb109f44667165623f428b294283b35 in /root/buildinfo/labels.json	32 bytes
	Digest: sha256:760c7bb55c28531edab7d06c0fe5031e99a9bfdd0c63686726cc1726b2247daf Command: /bin/sh -c #(nop) LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="88c11ff07ad8439534243f8f5d279cdcae9c4504" "org.opencontainers.image.revision"="88c11ff07ad8439534243f8f5d279cdcae9c4504" "build-date"="2026-05-27T04:57:28Z" "org.opencontainers.image.created"="2026-05-27T04:57:28Z" "release"="1779857793"org.opencontainers.image.revision=88c11ff07ad8439534243f8f5d279cdcae9c4504,org.opencontainers.image.created=2026-05-27T04:57:28Z	37.9 MB
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) ARG VERSION	32 bytes
	Digest: sha256:45af078dbb3487807d530d4410a56f568cf2e08c5a238836b89bd94a206cd54c Command: \|1 VERSION=26.0.1 /bin/sh -c microdnf install libicu && microdnf clean all && curl -LSs https://packages.kurrent.io/public/kurrent-latest/rpm/el/any-version/x86_64/kurrentdb-$VERSION-linux.x64-enterprise-linux.rpm -o kurrentdb.rpm && rpm -i kurrentdb.rpm --nopre --nopost && rm kurrentdb.rpm && mkdir -p /var/lib/kurrentdb /var/log/kurrentdb && chmod 777 /var/lib/kurrentdb /var/log/kurrentdb && printf "NodeIp: 0.0.0.0\nReplicationIp: 0.0.0.0" >> /etc/kurrentdb/kurrentdb.conf && mkdir -p /licenses && (cd /licenses && curl -LOSs https://raw.githubusercontent.com/kurrent-io/KurrentDB/refs/heads/master/LICENSE.md) && mkdir -p /opt/kurrentdb && setcap cap_net_bind_service+ep /usr/share/kurrentdb/kurrentd && ln -s /usr/share/kurrentdb/kurrentd /opt/kurrentdb/	172.1 MB
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) VOLUME /var/lib/kurrentdb /var/log/kurrentdb	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) EXPOSE 1112/tcp 1113/tcp 2113/tcp	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) HEALTHCHECK --interval=5s --timeout=5s --retries=24 CMD curl --fail --insecure https://localhost:2113/health/live \|\| curl --fail http://localhost:2113/health/live \|\| exit 1	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) ENTRYPOINT ["/bin/kurrentd"]	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) USER 65534:65534	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: /bin/sh -c #(nop) LABEL "name"="kurrentdb" "maintainer"="Kurrent, Inc" "vendor"="Kurrent, Inc" "summary"="Event-centric data platform" "description"="A database purpose-built for event sourcing" "release"="2e35f12a88007a533b2c85f7ac8aebe4-26.0.1" "version"="26.0.1"	32 bytes

kurrentdb-rhel8 26.0.1

One-liner (summary)

Description

License

Size

Downloads

Tags

kurrentdb-rhel8

kurrentdb-rhel8

kurrentdb-rhel8

kurrentdb-rhel8

kurrentdb-rhel8

kurrentdb-rhel8

kurrentdb-rhel8

Last scanned

Scan result

Vulnerability count

Max. severity

CVE-2025-5278: A flaw was found in GNU Coreutils. The sort utility's begfield() funct ...

CVE-2025-13034: curl: Public key pinning bypass via QUIC and GnuTLS allows server impersonation

CVE-2025-14017: curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers

CVE-2026-1965: curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication

CVE-2026-3783: curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect

CVE-2026-3784: curl: curl: Unauthorized access due to improper HTTP proxy connection reuse

CVE-2026-3805: curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling

CVE-2026-4873: curl: curl: Information disclosure due to incorrect TLS connection reuse

CVE-2026-5545: curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse

CVE-2026-5773: curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse

CVE-2026-6253: curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

CVE-2026-6429: curl: libcurl: Credential leak via reused proxy connection during HTTP redirects

CVE-2026-7168: curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse

CVE-2019-8905: file: stack-based buffer over-read in do_core_note in readelf.c

CVE-2026-1484: Glib: Integer Overflow Leading to Buffer Underflow and Out-of-Bounds Write in GLib g_base64_encode()

CVE-2026-1489: Glib: GLib: Memory corruption via integer overflow in Unicode case conversion

CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

CVE-2026-5435: glibc: glibc: Out-of-bounds write via TSIG record processing

CVE-2026-5450: glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

CVE-2026-5928: glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

CVE-2026-5435: glibc: glibc: Out-of-bounds write via TSIG record processing

CVE-2026-5450: glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

CVE-2026-5928: glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

CVE-2026-5435: glibc: glibc: Out-of-bounds write via TSIG record processing

CVE-2026-5450: glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

CVE-2026-5928: glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

CVE-2025-68972: In GnuPG through 2.4.8, if a signed message has \f at the end of a pla ...

CVE-2024-57970: ELSA-2025-7510: libarchive security update (MODERATE)

CVE-2025-25724: list_item_verbose in tar/util.c in libarchive through 3.7.7 does not c ...

CVE-2025-60753: An issue was discovered in libarchive bsdtar before version 3.8.1 in f ...

CVE-2026-4426: libarchive: libarchive: Denial of Service via malformed ISO file processing

CVE-2026-5745: libarchive: A NULL pointer dereference vulnerability exists in the ACL parser of libarchive

CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devices

CVE-2025-13034: curl: Public key pinning bypass via QUIC and GnuTLS allows server impersonation

CVE-2025-14017: curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers

CVE-2026-1965: curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication

CVE-2026-3783: curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect

CVE-2026-3784: curl: curl: Unauthorized access due to improper HTTP proxy connection reuse

CVE-2026-3805: curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling

CVE-2026-4873: curl: curl: Information disclosure due to incorrect TLS connection reuse

CVE-2026-5545: curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse

CVE-2026-5773: curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse

CVE-2026-6253: curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

CVE-2026-6429: curl: libcurl: Credential leak via reused proxy connection during HTTP redirects

CVE-2026-7168: curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse

CVE-2019-12904: Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack

CVE-2024-2236: A timing-based side-channel flaw was found in libgcrypt's RSA implemen ...

CVE-2026-41989: Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext

CVE-2025-5222: A stack buffer overflow was found in Internationl components for unico ...

CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devices

CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devices

CVE-2026-48864: libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

CVE-2026-9149: libsolv: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

CVE-2026-9150: libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums

CVE-2025-5351: A flaw was found in the key export functionality of libssh. The issue ...

CVE-2025-8114: A flaw was found in libssh, a library that implements the SSH protocol ...

CVE-2026-0964: libssh: Improper sanitation of paths received from SCP servers

CVE-2026-0966: libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

CVE-2026-3731: libssh: libssh: Denial of Service via out-of-bounds read in SFTP extension name handler

CVE-2025-5351: A flaw was found in the key export functionality of libssh. The issue ...