Package Search Help
You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.
Search by package name:
my-package (implicit)
name:my-package (explicit)
Search by package filename:
filename:my-package.ext
Search by package tag:
tag:latest
Search by package version:
version:1.0.0
prerelease:true (prereleases)
prerelease:false (no prereleases)
Search by package architecture:
architecture:x86_64
Search by package distribution:
distribution:el
Search by package license:
license:MIT
Search by package format:
format:deb
Search by package status:
status:in_progress
Search by package file checksum:
checksum:5afba
Search by package security status:
severity:critical
Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000
Search by # of package downloads:
downloads:>8
downloads:<100
Search by package type:
type:binary
type:source
Search by package size (bytes):
size:>50000
size:<10000
Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0
Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"
Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY
Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true
Search by repository:
repository:repo-name
Search by last download date:
last_downloaded:<"30 days ago"
last_downloaded:>"August 14, 2022 EST"
Search queries for all Debian-specific (and related) package types
Search by component:
deb_component:unstable
Search queries for all Maven-specific (and related) package types
Search by group ID:
maven_group_id:org.apache
Search queries for all Docker-specific (and related) package types
Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)
Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)
Search queries for all Generic-specific package types
Search by file path:
generic_filepath:path/to/file.txt
Search by directory:
generic_directory:path/to
Field type modifiers (depending on the type, you can influence behaviour)
For all queries, you can use:
~foo for negation
For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching
For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal
Need a secure and centralised artifact repository to deliver Alpine,
Cargo,
CocoaPods,
Composer,
Conan,
Conda,
CRAN,
Dart,
Debian,
Docker,
Generic,
Go,
Helm,
Hex,
HuggingFace,
LuaRocks,
Maven,
MCP,
npm,
NuGet,
P2,
Python,
RedHat,
Ruby,
Swift,
Terraform,
Vagrant,
VSX,
Raw & More packages?
Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.
With support for all major package formats, you can trust us to manage your software supply chain.
Debian
Helm
NuGet
RedHat
eventstore
(Kurrent)
/
kurrent-latest
A certifiably-awesome public package repository curated by Kurrent, hosted by Cloudsmith.
kurrentdb-rhel8
9104391fa4e0d285004ab4a34f6…
One-liner (summary)
A certifiably-awesome package curated by ryan-b, hosted by Cloudsmith.
Description
A certifiably-awesome package curated by ryan-b, hosted by Cloudsmith.
| Status | Completed |
|---|---|
| Checksum (MD5) | cf4eac32d76b7947815cc1be02d092ac |
| Checksum (SHA-1) | 7d3e168f013e83461edadaf1620789e58ea938b8 |
| Checksum (SHA-256) | 9104391fa4e0d285004ab4a34f672b2262fe101b3396280ef0fea73dc4249ced |
| Checksum (SHA-512) | a9d6651410f439e5dbce80b22626557293964f4daba0397ee4039e12644909fb26… |
| GPG Signature | |
| GPG Fingerprint | 02a89004460aa252035d6b7d094442d90ad50bcd |
| Storage Region | Dublin, Ireland |
| Type | Binary (contains binaries and binary artifacts) |
| Uploaded At | 2 months, 1 week ago |
| Uploaded By |
|
| Slug Id | kurrentdb-rhel8-ir3m |
| Unique Id | ciygjEDN3hTQ |
| Version (Raw) | 9104391fa4e0d285004ab4a34f672b2262fe101b3396280ef0fea73dc4249ced |
| Version (Parsed) |
|
| docker-specific metadata | |
| Image Digest | sha256:9104391fa4e0d285004ab4a34f672b2262fe101b3396280ef0fea73dc4249ced |
| Config Digest | sha256:37b7e0e459fa2218b7f479f70913da0542b9be79570ba80efab1404ec51e370e |
| V1 OCI Index Digest | sha256:644290dee1307e310d779fd881064131dd29206f11f9e5ce091c9642668fdfc7 |
| V1 Distribution (Signed) Digest | sha256:c798bc6ffcb1b9a7c42633a2e87d0d40fe74e22175a62ad6405d5165f4b0719e |
| V2 Distribution List Digest | sha256:3385a1d818c8c565b2da7dda73bfd99239eab72092899d14284fbe101ae4af4d |
| V2 Distribution Digest | sha256:8c2c7641f89defbebf2921a7174ad4191476a1e1d455decf8d7b789a51fed998 |
| V1 Distribution Digest | sha256:b51da30a32eda9352f79b2d80d1a9fb1a84e44eb60be3ebaa922a7bc193646b0 |
| V1 OCI Digest | sha256:9104391fa4e0d285004ab4a34f672b2262fe101b3396280ef0fea73dc4249ced |
| extended metadata | |
| Manifest Type | V1 OCI |
| Architecture | amd64 |
| Config | |
| Created | 2026-02-24 16:27:33 UTC |
| Os | linux |
This package was uploaded with the following V1 OCI manifest:
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"config": {
"mediaType": "application/vnd.oci.image.config.v1+json",
"digest": "sha256:c86162537f68d4acddc3f33912d49cfce15ade5176993eb3ea91b8468975c192",
"size": 8588
},
"layers": [
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:f543dbbf6c5fa45c4805a5c72cdaf24b296832c31cfd34d79c5ae218c39813e2",
"size": 39777529
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:b1114957df0b61debc1b5fe31d384c4788ccec59864d85a623eb26984db61020",
"size": 159710547
}
]
}|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL maintainer="Red Hat, Inc." |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL vendor="Red Hat, Inc." |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL url="https://catalog.redhat.com/en/search?searchType=containers" |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL com.redhat.component="ubi8-minimal-container" name="ubi8/ubi-minimal" version="8.10" cpe="cpe:/a:redhat:enterprise_linux:8::appstream" distribution-scope="public" |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL summary="Provides the latest release of the minimal Red Hat Universal Base Image 8." |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL description="The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly." |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL io.k8s.description="The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly." |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL io.k8s.display-name="Red Hat Universal Base Image 8 Minimal" |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL io.openshift.expose-services="" |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL io.openshift.tags="minimal rhel8" |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENV container oci |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY dir:d28f6f6a957d498a2d9da353a37c89ce8244ec681b6d1a47fbea1ffed9b9e15e in / |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY file:67f65df33ff6c09984969b192c50b78072a88c5655e380e734315d0229c75aa1 in /etc/yum.repos.d/. |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["/bin/bash"] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY file:3ab5c2f18f7b2afc9a63033cf6d7fedd5acc6eb94e3217a2863e790bced26b9d in /usr/share/buildinfo/content-sets.json |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY file:3ab5c2f18f7b2afc9a63033cf6d7fedd5acc6eb94e3217a2863e790bced26b9d in /root/buildinfo/content_manifests/content-sets.json |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY file:2dc8c464316da749cf7d252fd48f3e04e6869098a5b7b20ad11e29bc9a18b21c in /usr/share/buildinfo/labels.json |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY file:2dc8c464316da749cf7d252fd48f3e04e6869098a5b7b20ad11e29bc9a18b21c in /root/buildinfo/labels.json |
32 bytes | ||
|
Digest:
sha256:f543dbbf6c5fa45c4805a5c72cdaf24b296832c31cfd34d79c5ae218c39813e2
Command: /bin/sh -c #(nop) LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="464edfc35689ecbe55e619330fe3153cc316de8f" "org.opencontainers.image.revision"="464edfc35689ecbe55e619330fe3153cc316de8f" "build-date"="2026-02-23T08:49:28Z" "org.opencontainers.image.created"="2026-02-23T08:49:28Z" "release"="1771836450"org.opencontainers.image.revision=464edfc35689ecbe55e619330fe3153cc316de8f,org.opencontainers.image.created=2026-02-23T08:49:28Z |
37.9 MB | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ARG VERSION=25.1.4 |
32 bytes | ||
|
Digest:
sha256:b1114957df0b61debc1b5fe31d384c4788ccec59864d85a623eb26984db61020
Command: RUN |1 VERSION=25.1.4 /bin/sh -c microdnf install libicu && microdnf clean all && curl -LSs https://packages.kurrent.io/public/kurrent-latest/rpm/el/any-version/x86_64/kurrentdb-$VERSION-linux.x64-enterprise-linux.rpm -o kurrentdb.rpm && rpm -i kurrentdb.rpm --nopre --nopost && rm kurrentdb.rpm && mkdir -p /var/lib/kurrentdb /var/log/kurrentdb && chmod 777 /var/lib/kurrentdb /var/log/kurrentdb && printf "NodeIp: 0.0.0.0\nReplicationIp: 0.0.0.0" >> /etc/kurrentdb/kurrentdb.conf && mkdir -p /licenses && (cd /licenses && curl -LOSs https://raw.githubusercontent.com/kurrent-io/KurrentDB/refs/heads/master/LICENSE.md) && mkdir -p /opt/kurrentdb && setcap cap_net_bind_service+ep /usr/share/kurrentdb/kurrentd && ln -s /usr/share/kurrentdb/kurrentd /opt/kurrentdb/ # buildkit |
152.3 MB | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: VOLUME [/var/lib/kurrentdb /var/log/kurrentdb] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: EXPOSE [1112/tcp 1113/tcp 2113/tcp] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: HEALTHCHECK &{["CMD-SHELL" "curl --fail --insecure https://localhost:2113/health/live || curl --fail http://localhost:2113/health/live || exit 1"] "5s" "5s" "0s" "0s" '\x18'} |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENTRYPOINT ["/bin/kurrentd"] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: USER 65534:65534 |
32 bytes |
|
|
kurrentdb-rhel8 |
25 |
|
||
|
|
kurrentdb-rhel8 |
25 |
|
||
|
|
kurrentdb-rhel8 |
31 |
|
||
|
|
kurrentdb-rhel8 |
30 |
|
||
|
|
kurrentdb-rhel8 |
47 |
|
||
|
|
kurrentdb-rhel8 |
56 |
|
||
|
|
kurrentdb-rhel8 |
27 |
|
||
|
|
kurrentdb-rhel8 |
33 |
|
||
|
|
kurrentdb-rhel8 |
113 |
|
||
|
|
kurrentdb-rhel8 |
50 |
|
Last scanned
2 months, 1 week ago
Scan result
Vulnerable
Vulnerability count
102
Max. severity
High| Target: | ciygjEDN3hTQ.sbom-cyclonedx.json (redhat 8.10) | |
| HIGH |
CVE-2025-6176: Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoSScrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.Package Name: brotli Installed Version: 1.0.6-4.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com github.com github.com huntr.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-5278: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key SpecificationA flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.Package Name: coreutils-single Installed Version: 8.30-16.el8_10 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugzilla.redhat.com cgit.git.savannah.gnu.org cgit.git.savannah.gnu.org nvd.nist.gov security-tracker.debian.org www.cve.org |
|
| MEDIUM |
CVE-2025-14017: curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfersWhen doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.Package Name: curl Installed Version: 7.61.1-34.el8_10.9 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2019-8905: file: stack-based buffer over-read in do_core_note in readelf.cdo_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.Package Name: file-libs Installed Version: 5.33-27.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com bugs.astron.com lists.debian.org nvd.nist.gov ubuntu.com usn.ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2025-14087: glib: GLib: Buffer underflow in GVariant parser leads to heap corruptionA flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.gnome.org gitlab.gnome.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2025-14512: glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer OverflowA flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.gnome.org gitlab.gnome.org nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2026-1484: Glib: Integer Overflow Leading to Buffer Underflow and Out-of-Bounds Write in GLib g_base64_encode()A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2026-1489: Glib: GLib: Memory corruption via integer overflow in Unicode case conversionA flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2026-0915: glibc: glibc: Information disclosure via zero-valued network queryCalling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.Package Name: glibc Installed Version: 2.28-251.el8_10.27 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org ubuntu.com www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2026-0915: glibc: glibc: Information disclosure via zero-valued network queryCalling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.Package Name: glibc-common Installed Version: 2.28-251.el8_10.27 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org ubuntu.com www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2026-0915: glibc: glibc: Information disclosure via zero-valued network queryCalling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.Package Name: glibc-minimal-langpack Installed Version: 2.28-251.el8_10.27 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org ubuntu.com www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2025-68972: gnupg: GnuPG: Signature bypass via form feed character in signed messagesIn GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.Package Name: gnupg2 Installed Version: 2.2.20-4.el8_10 Fixed Version: References: access.redhat.com gpg.fail media.ccc.de news.ycombinator.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-57970: libarchive: heap buffer over-read in header_gnu_longlinklibarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org errata.rockylinux.org github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-25724: libarchive: Buffer Overflow vulnerability in libarchivelist_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org gist.github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2025-60753: libarchive: bsdtar hangs and OOMs with zero-length pattern matchesAn issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com github.com github.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernamesA flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.Package Name: libblkid Installed Version: 2.32.1-48.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-14017: curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfersWhen doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.Package Name: libcurl Installed Version: 7.61.1-34.el8_10.9 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2019-12904: Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attackIn Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attackPackage Name: libgcrypt Installed Version: 1.8.5-7.el8_6 Fixed Version: References: lists.opensuse.org access.redhat.com dev.gnupg.org github.com github.com lists.apache.org lists.gnupg.org nvd.nist.gov people.canonical.com www.cve.org |
|
| MEDIUM |
CVE-2024-2236: libgcrypt: vulnerable to Marvin AttackA timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.Package Name: libgcrypt Installed Version: 1.8.5-7.el8_6 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org dev.gnupg.org errata.almalinux.org errata.rockylinux.org github.com gitlab.com linux.oracle.com linux.oracle.com lists.gnupg.org nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-5222: icu: Stack buffer overflow in the SRBRoot::addTag functionA stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.Package Name: libicu Installed Version: 60.3-2.el8_1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernamesA flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.Package Name: libmount Installed Version: 2.32.1-48.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernamesA flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.Package Name: libsmartcols Installed Version: 2.32.1-48.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-5351: libssh: Double Free Vulnerability in libssh Key Export FunctionsA flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org www.libssh.org |
|
| MEDIUM |
CVE-2025-8114: libssh: NULL Pointer Dereference in libssh KEX Session ID CalculationA flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com www.cve.org www.libssh.org |
|
| MEDIUM |
CVE-2025-5351: libssh: Double Free Vulnerability in libssh Key Export FunctionsA flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org www.libssh.org |
|
| MEDIUM |
CVE-2025-8114: libssh: NULL Pointer Dereference in libssh KEX Session ID CalculationA flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com www.cve.org www.libssh.org |
|
| MEDIUM |
CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernamesA flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.Package Name: libuuid Installed Version: 2.32.1-48.el8_10 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-9714: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.cUncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org gitlab.gnome.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2026-0990: libxml2: libxml2: Denial of Service via uncontrolled recursion in XML catalog processingA flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2026-1757: libxml2: Memory Leak Leading to Local Denial of Service in xmllint Interactive ShellA flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2022-4899: zstd: mysql: buffer overrun in util.cA vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.Package Name: libzstd Installed Version: 1.4.4-1.el8 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com www.cve.org |
|
| MEDIUM |
CVE-2026-22185: OpenLDAP: OpenLDAP LMDB: Denial of Service and Information Disclosure via Heap Buffer UnderflowOpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.Package Name: openldap Installed Version: 2.4.46-21.el8_10 Fixed Version: References: access.redhat.com bugs.openldap.org nvd.nist.gov seclists.org seclists.org www.cve.org www.openldap.org www.vulncheck.com |
|
| MEDIUM |
CVE-2023-0466: openssl: Certificate policy check not enabledThe function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org www.debian.org www.openssl.org |
|
| MEDIUM |
CVE-2025-11187: openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 fileIssue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations. When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference. Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity. The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue. OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2025-69419: openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processingIssue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2018-20839: systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attackersystemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.Package Name: systemd-libs Installed Version: 239-82.el8_10.13 Fixed Version: References: www.securityfocus.com access.redhat.com bugs.launchpad.net github.com github.com lists.apache.org nvd.nist.gov security.netapp.com www.cve.org |
|
| MEDIUM |
CVE-2025-4598: systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dumpA vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.Package Name: systemd-libs Installed Version: 239-82.el8_10.13 Fixed Version: References: seclists.org www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com blogs.oracle.com bugzilla.redhat.com bugzilla.redhat.com ciq.com errata.almalinux.org git.kernel.org github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org www.openwall.com www.openwall.com www.qualys.com |
|
| LOW |
CVE-2023-27534: curl: SFTP path ~ resolving discrepancyA path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.Package Name: curl Installed Version: 7.61.1-34.el8_10.9 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se errata.almalinux.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2024-11053: curl: curl netrc password leakWhen asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.Package Name: curl Installed Version: 7.61.1-34.el8_10.9 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se curl.se cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com security.netapp.com security.netapp.com ubuntu.com www.cve.org www.oracle.com |
|
| LOW |
CVE-2024-7264: curl: libcurl: ASN.1 date parser overreadlibcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.Package Name: curl Installed Version: 7.61.1-34.el8_10.9 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se curl.se cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.cve.org www.oracle.com |
|
| LOW |
CVE-2024-25260: elfutils: global-buffer-overflow exists in the function ebl_machine_flag_name in eblmachineflagname.celfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.Package Name: elfutils-libelf Installed Version: 0.190-2.el8 Fixed Version: References: access.redhat.com github.com nvd.nist.gov sourceware.org sourceware.org ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-8906: file: out-of-bounds read in do_core_note in readelf.cdo_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.Package Name: file-libs Installed Version: 5.33-27.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org access.redhat.com bugs.astron.com github.com nvd.nist.gov support.apple.com support.apple.com support.apple.com support.apple.com ubuntu.com usn.ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-4156: gawk: heap out of bound read in builtin.cA heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.Package Name: gawk Installed Version: 4.2.1-4.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com git.savannah.gnu.org mail.gnu.org mail.gnu.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-29499: glib: GVariant offset table entry size is not checked in is_normal()A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-32611: glib: g_variant_byteswap() can take a long time with some non-normal inputsA flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-32636: glib: Timeout in fuzz_variant_textA flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com discourse.gnome.org errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-32665: glib: GVariant deserialisation does not match spec for non-normal dataA flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-3360: glibc: GLib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid ISO 8601 timestamp with g_date_time_new_from_iso8601().A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com lists.debian.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-7039: glib: Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file()A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2026-0988: glib: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek()A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2026-1485: Glib: Glib: Local denial of service via buffer underflow in content type parsingA flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.Package Name: glib2 Installed Version: 2.56.4-168.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-15281: glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memoryCalling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.Package Name: glibc Installed Version: 2.28-251.el8_10.27 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org ubuntu.com www.cve.org www.openwall.com |
|
| LOW |
CVE-2025-15281: glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memoryCalling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.Package Name: glibc-common Installed Version: 2.28-251.el8_10.27 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org ubuntu.com www.cve.org www.openwall.com |
|
| LOW |
CVE-2025-15281: glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memoryCalling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.Package Name: glibc-minimal-langpack Installed Version: 2.28-251.el8_10.27 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org ubuntu.com www.cve.org www.openwall.com |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packetsGnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.Package Name: gnupg2 Installed Version: 2.2.20-4.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyringIn GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."Package Name: gnupg2 Installed Version: 2.2.20-4.el8_10 Fixed Version: References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2026-24883: GnuPG: GnuPG: Denial of service due to specially crafted signature packetIn GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).Package Name: gnupg2 Installed Version: 2.2.20-4.el8_10 Fixed Version: References: access.redhat.com dev.gnupg.org nvd.nist.gov www.cve.org www.openwall.com |
|
| LOW |
CVE-2021-4209: GnuTLS: Null pointer dereference in MD_UPDATEA NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.Package Name: gnutls Installed Version: 3.6.16-8.el8_10.4 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.com gitlab.com gitlab.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-9820: gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() FunctionA flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.Package Name: gnutls Installed Version: 3.6.16-8.el8_10.4 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com gitlab.com gitlab.com nvd.nist.gov ubuntu.com www.cve.org www.gnutls.org |
|
| LOW |
CVE-2018-1000879: libarchive: NULL pointer dereference in ACL parser resulting in a denial of servicelibarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: lists.opensuse.org www.securityfocus.com access.redhat.com bugs.launchpad.net github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2018-1000880: libarchive: Improper input validation in WARC parser resulting in a denial of servicelibarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: lists.opensuse.org www.securityfocus.com access.redhat.com bugs.launchpad.net github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com usn.ubuntu.com www.cve.org www.debian.org |
|
| LOW |
CVE-2025-1632: libarchive: null pointer dereference in bsdunzip.cA vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com github.com nvd.nist.gov ubuntu.com vuldb.com vuldb.com vuldb.com www.cve.org |
|
| LOW |
CVE-2025-5915: libarchive: Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.cA vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com github.com nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-5916: libarchive: Integer overflow while reading warc files at archive_read_support_format_warc.cA vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com github.com github.com nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-5917: libarchive: Off by one error in build_ustar_entry_name() at archive_write_set_format_pax.cA vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com github.com nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-5918: libarchive: Reading past EOF may be triggered for piped file streamsA vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com github.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2023-27534: curl: SFTP path ~ resolving discrepancyA path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.Package Name: libcurl Installed Version: 7.61.1-34.el8_10.9 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se errata.almalinux.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2024-11053: curl: curl netrc password leakWhen asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.Package Name: libcurl Installed Version: 7.61.1-34.el8_10.9 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se curl.se cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com security.netapp.com security.netapp.com ubuntu.com www.cve.org www.oracle.com |
|
| LOW |
CVE-2024-7264: curl: libcurl: ASN.1 date parser overreadlibcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.Package Name: libcurl Installed Version: 7.61.1-34.el8_10.9 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se curl.se cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.cve.org www.oracle.com |
|
| LOW |
CVE-2018-20657: libiberty: Memory leak in demangle_template function resulting in a denial of serviceThe demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.Package Name: libgcc Installed Version: 8.5.0-28.el8_10 Fixed Version: References: www.securityfocus.com access.redhat.com access.redhat.com gcc.gnu.org linux.oracle.com linux.oracle.com nvd.nist.gov support.f5.com www.cve.org |
|
| LOW |
CVE-2019-14250: binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflowAn issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.Package Name: libgcc Installed Version: 8.5.0-28.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com gcc.gnu.org gcc.gnu.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_constlibiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.Package Name: libgcc Installed Version: 8.5.0-28.el8_10 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org |
|
| LOW |
CVE-2025-4878: libssh: Use of uninitialized variable in privatekey_from_file()A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org |
|
| LOW |
CVE-2025-8277: libssh: Memory Exhaustion via Repeated Key Exchange in libsshA flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org |
|
| LOW |
CVE-2025-4878: libssh: Use of uninitialized variable in privatekey_from_file()A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org |
|
| LOW |
CVE-2025-8277: libssh: Memory Exhaustion via Repeated Key Exchange in libsshA flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org |
|
| LOW |
CVE-2018-20657: libiberty: Memory leak in demangle_template function resulting in a denial of serviceThe demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.Package Name: libstdc++ Installed Version: 8.5.0-28.el8_10 Fixed Version: References: www.securityfocus.com access.redhat.com access.redhat.com gcc.gnu.org linux.oracle.com linux.oracle.com nvd.nist.gov support.f5.com www.cve.org |
|
| LOW |
CVE-2019-14250: binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflowAn issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.Package Name: libstdc++ Installed Version: 8.5.0-28.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com gcc.gnu.org gcc.gnu.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_constlibiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.Package Name: libstdc++ Installed Version: 8.5.0-28.el8_10 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org |
|
| LOW |
CVE-2018-1000654: libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustionGNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.Package Name: libtasn1 Installed Version: 4.13-5.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com gitlab.com lists.apache.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-13151: libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_stringStack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.Package Name: libtasn1 Installed Version: 4.13-5.el8_10 Fixed Version: References: www.openwall.com access.redhat.com gitlab.com gitlab.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.kb.cert.org |
|
| LOW |
CVE-2023-45322: libxml2: use-after-free in xmlUnlinkNode() in tree.clibxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: www.openwall.com access.redhat.com gitlab.gnome.org gitlab.gnome.org lists.debian.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2024-34459: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.cAn issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: access.redhat.com gitlab.gnome.org gitlab.gnome.org gitlab.gnome.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-27113: libxml2: NULL Pointer Dereference in libxml2 xmlPatMatchlibxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org access.redhat.com gitlab.gnome.org lists.debian.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org www.openwall.com |
|
| LOW |
CVE-2025-6170: libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command HandlingA flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.gnome.org lists.debian.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2026-0989: libxml2: Unbounded RelaxNG Include Recursion Leading to Stack OverflowA flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.gnome.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2026-0992: libxml2: libxml2: Denial of Service via crafted XML catalogsA flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2021-24032: zstd: Race condition allows attacker to access world-readable destination fileBeginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.Package Name: libzstd Installed Version: 1.4.4-1.el8 Fixed Version: References: access.redhat.com bugs.debian.org github.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.facebook.com |
|
| LOW |
CVE-2018-19211: ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.cIn ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2020-19185: ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19186: ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19187: ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19188: ncurses: Stack buffer overflow in fmt_entry function in progs/dump_entry.c:1116Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19189: ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com lists.debian.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2020-19190: ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.cAn issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2018-19211: ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.cIn ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2020-19185: ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19186: ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19187: ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19188: ncurses: Stack buffer overflow in fmt_entry function in progs/dump_entry.c:1116Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19189: ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com lists.debian.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2020-19190: ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.cAn issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-0464: openssl: Denial of service by excessive resource usage in verifying X509 policy constraintsA security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.couchbase.com www.cve.org www.debian.org www.openssl.org |
|
| LOW |
CVE-2023-0465: openssl: Invalid certificate policies in leaf certificates are silently ignoredApplications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org www.debian.org www.openssl.org |
|
| LOW |
CVE-2023-2650: openssl: Possible DoS translating ASN.1 object identifiersIssue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov psirt.global.sonicwall.com security.gentoo.org security.netapp.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.cve.org www.debian.org www.openssl.org |
|
| LOW |
CVE-2024-0727: openssl: denial of service via null dereferenceIssue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com github.com github.openssl.org github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org nvd.nist.gov security.netapp.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.cve.org www.openssl.org |
|
| LOW |
CVE-2024-13176: openssl: Timing side-channel in ECDSA signature computationIssue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.openssl.org github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov openssl-library.org security.netapp.com security.netapp.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com www.cve.org www.oracle.com |
|
| LOW |
CVE-2024-2511: openssl: Unbounded memory growth with session handling in TLSv1.3Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openssl.org www.openssl.org |
|
| LOW |
CVE-2024-41996: openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculationsValidating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com dheatattack.gitlab.io dheatattack.gitlab.io gist.github.com github.com nvd.nist.gov openssl-library.org www.cve.org |
|
| LOW |
CVE-2024-4741: openssl: Use After Free with SSL_free_buffersIssue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openssl.org |
|
| LOW |
CVE-2025-15468: openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handlingIssue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-15469: openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncationIssue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated. When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath. The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected. The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary. OpenSSL 3.5 and 3.6 are vulnerable to this issue. OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-66199: openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compressionIssue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service). In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs. This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks. Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-68160: openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filterIssue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-69418: openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption callsIssue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-69420: openssl: OpenSSL: Denial of Service via malformed TimeStamp ResponseIssue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2025-69421: openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processingIssue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2026-22795: openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processingIssue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2026-22796: openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verificationIssue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-15.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov openssl-library.org ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-41409: pcre2: negative repeat value in a pcre2test subject line leads to inifinite loopInteger overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.Package Name: pcre2 Installed Version: 10.32-3.el8_6 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2019-19244: sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usagesqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: access.redhat.com cert-portal.siemens.com github.com nvd.nist.gov ubuntu.com usn.ubuntu.com www.cve.org www.oracle.com |
|
| LOW |
CVE-2019-9936: sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.cIn SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: lists.opensuse.org www.securityfocus.com access.redhat.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com sqlite.org ubuntu.com usn.ubuntu.com www.cve.org www.mail-archive.com www.mail-archive.com www.mail-archive.com www.mail-archive.com www.oracle.com www.oracle.com |
|
| LOW |
CVE-2019-9937: sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.cIn SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: lists.opensuse.org www.securityfocus.com access.redhat.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com sqlite.org ubuntu.com usn.ubuntu.com www.cve.org www.mail-archive.com www.mail-archive.com www.mail-archive.com www.mail-archive.com www.oracle.com www.oracle.com |
|
| LOW |
CVE-2024-0232: sqlite: use-after-free bug in jsonParseAddNodeArrayA heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com lists.fedoraproject.org nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2021-3997: systemd: Uncontrolled recursion in systemd-tmpfiles when removing filesA flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.Package Name: systemd-libs Installed Version: 239-82.el8_10.13 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com nvd.nist.gov security.gentoo.org ubuntu.com www.cve.org www.openwall.com |
|
Package statistics are no longer available on cloudsmith.io. Please visit our new web app to access this feature.
These instructions assume you have setup the repository first (or read it).
To pull kurrentdb-rhel8 @ reference/tag sha256:9104391fa4e0d285004ab4a34f672b2262fe101b3396280ef0fea73dc4249ced:
docker pull docker.eventstore.com/kurrent-latest/kurrentdb-rhel8@sha256:9104391fa4e0d285004ab4a34f672b2262fe101b3396280ef0fea73dc4249cedYou can also pull the latest version of this image (if it exists):
docker pull docker.eventstore.com/kurrent-latest/kurrentdb-rhel8:latestTo refer to this image after pulling in a Dockerfile, specify the following:
FROM docker.eventstore.com/kurrent-latest/kurrentdb-rhel8@sha256:9104391fa4e0d285004ab4a34f672b2262fe101b3396280ef0fea73dc4249ced