Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-hjuk/fj-multi-component-child-hios@sha256:54712c1757ad7311416c6652c2955dd560620ef073067f265000c5110cc01885. Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-hjuk/fj-multi-component-child-hios Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-hjuk/fj-multi-component-child-hios WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation '. Found SBOM of media type: text/spdx+json Running TPA scan on amd64 image manifest... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed { "scanned" : { "total" : 122, "direct" : 23, "transitive" : 99 }, "providers" : { "rhtpa" : { "status" : { "ok" : true, "name" : "rhtpa", "code" : 200, "message" : "OK", "warnings" : { } }, "sources" : { "redhat-csaf" : { "summary" : { "direct" : 22, "transitive" : 250, "total" : 272, "dependencies" : 40, "critical" : 7, "high" : 74, "medium" : 172, "low" : 19, "unknown" : 0, "remediations" : 0, "recommendations" : 0, "unscanned" : 0 }, "dependencies" : [ { "ref" : "pkg:rpm/redhat/microdnf@3.9.1-3.el9?arch=x86_64&distro=rhel-9.2&upstream=microdnf-3.9.1-3.el9.src.rpm", "transitive" : [ { "ref" : "pkg:rpm/redhat/openssl-libs@3.0.7-16.el9_2?arch=x86_64&distro=rhel-9.2&epoch=1&upstream=openssl-3.0.7-16.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false }, { "id" : "CVE-2026-45445", "title" : "AES-OCB IV Ignored on EVP_Cipher() Path", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2026-45445" ], "unique" : false }, { "id" : "CVE-2026-45447", "title" : "Heap Use-After-Free in the PKCS7_verify() Function", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-45447" ], "unique" : false }, { "id" : "CVE-2023-5363", "title" : "Incorrect cipher key & IV length processing", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2023-5363" ], "unique" : false }, { "id" : "CVE-2026-28390", "title" : "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-28390" ], "unique" : false }, { "id" : "CVE-2026-34183", "title" : "Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-34183" ], "unique" : false }, { "id" : "CVE-2024-12797", "title" : "RFC7250 handshakes with unauthenticated servers don't abort as expected", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2024-12797" ], "unique" : false }, { "id" : "CVE-2025-69419", "title" : "Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2025-69419" ], "unique" : false }, { "id" : "CVE-2026-34182", "title" : "CMS AuthEnvelopedData Processing May Accept Forged Messages", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2026-34182" ], "unique" : false }, { "id" : "CVE-2023-6129", "title" : "POLY1305 MAC implementation corrupts vector registers on PowerPC", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6129" ], "unique" : false }, { "id" : "CVE-2025-69421", "title" : "NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69421" ], "unique" : false }, { "id" : "CVE-2026-34181", "title" : "PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-34181" ], "unique" : false }, { "id" : "CVE-2026-42768", "title" : "Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()", "source" : "redhat-csaf", "cvssScore" : 6.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-42768" ], "unique" : false }, { "id" : "CVE-2025-11187", "title" : "Improper validation of PBMAC1 parameters in PKCS#12 MAC verification", "source" : "redhat-csaf", "cvssScore" : 6.1, "severity" : "MEDIUM", "cves" : [ "CVE-2025-11187" ], "unique" : false }, { "id" : "CVE-2023-6237", "title" : "Excessive time spent checking invalid RSA public keys", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-6237" ], "unique" : false }, { "id" : "CVE-2024-5535", "title" : "SSL_select_next_proto buffer overread", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-5535" ], "unique" : false }, { "id" : "CVE-2024-6119", "title" : "Possible denial of service in X.509 name checks", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-6119" ], "unique" : false }, { "id" : "CVE-2025-15468", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15468" ], "unique" : false }, { "id" : "CVE-2025-66199", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-66199" ], "unique" : false }, { "id" : "CVE-2025-69420", "title" : "Missing ASN1_TYPE validation in TS_RESP_verify_response() function", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69420" ], "unique" : false }, { "id" : "CVE-2026-22796", "title" : "ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22796" ], "unique" : false }, { "id" : "CVE-2026-31790", "title" : "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-31790" ], "unique" : false }, { "id" : "CVE-2026-42764", "title" : "NULL Pointer Dereference in QUIC Server Initial Packet Handling", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-42764" ], "unique" : false }, { "id" : "CVE-2026-42769", "title" : "Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-42769" ], "unique" : false }, { "id" : "CVE-2026-42770", "title" : "FFC-DH Peer Validation Uses Attacker-Supplied q", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-42770" ], "unique" : false }, { "id" : "CVE-2026-9076", "title" : "Out-of-Bounds Read in CMS Password-Based Decryption", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-9076" ], "unique" : false }, { "id" : "CVE-2024-4741", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4741" ], "unique" : false }, { "id" : "CVE-2025-9230", "title" : "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9230" ], "unique" : false }, { "id" : "CVE-2024-0727", "title" : "PKCS12 Decoding crashes", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-0727" ], "unique" : false }, { "id" : "CVE-2025-15469", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15469" ], "unique" : false }, { "id" : "CVE-2026-22795", "title" : "Missing ASN1_TYPE validation in PKCS#12 parsing", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-22795" ], "unique" : false }, { "id" : "CVE-2026-7383", "title" : "Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-7383" ], "unique" : false }, { "id" : "CVE-2023-2975", "title" : "AES-SIV implementation ignores empty associated data entries", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-2975" ], "unique" : false }, { "id" : "CVE-2023-3446", "title" : "Excessive time spent checking DH keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3446" ], "unique" : false }, { "id" : "CVE-2023-3817", "title" : "Excessive time spent checking DH q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-3817" ], "unique" : false }, { "id" : "CVE-2023-5678", "title" : "Excessive time spent in DH check / generation with large Q parameter value", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5678" ], "unique" : false }, { "id" : "CVE-2024-4603", "title" : "Excessive time spent checking DSA keys and parameters", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-4603" ], "unique" : false }, { "id" : "CVE-2026-42766", "title" : "Possible NULL Dereference in Password-Based CMS Decryption", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-42766" ], "unique" : false }, { "id" : "CVE-2026-42767", "title" : "NULL Pointer Dereference in CRMF EncryptedValue Decryption", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-42767" ], "unique" : false }, { "id" : "CVE-2026-34180", "title" : "Heap Buffer Over-read in ASN.1 Content Parsing", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-34180" ], "unique" : false }, { "id" : "CVE-2025-68160", "title" : "Heap out-of-bounds write in BIO_f_linebuffer on short writes", "source" : "redhat-csaf", "cvssScore" : 4.7, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68160" ], "unique" : false }, { "id" : "CVE-2025-69418", "title" : "Unauthenticated/unencrypted trailing bytes with low-level OCB function calls", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-69418" ], "unique" : false }, { "id" : "CVE-2024-2511", "title" : "Unbounded memory growth with session handling in TLSv1.3", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2024-2511" ], "unique" : false }, { "id" : "CVE-2026-45446", "title" : "Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-45446" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2025-15467", "title" : "Stack buffer overflow in CMS (Auth)EnvelopedData parsing", "source" : "redhat-csaf", "cvssScore" : 9.8, "severity" : "CRITICAL", "cves" : [ "CVE-2025-15467" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/libxml2@2.9.13-3.el9_1?arch=x86_64&distro=rhel-9.2&upstream=libxml2-2.9.13-3.el9_1.src.rpm", "issues" : [ { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false }, { "id" : "CVE-2025-49794", "title" : "Libxml: heap use after free (uaf) leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49794" ], "unique" : false }, { "id" : "CVE-2025-49796", "title" : "Libxml: type confusion leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2025-49796" ], "unique" : false }, { "id" : "CVE-2024-56171", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2024-56171" ], "unique" : false }, { "id" : "CVE-2025-24928", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-24928" ], "unique" : false }, { "id" : "CVE-2025-7425", "title" : "Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-7425" ], "unique" : false }, { "id" : "CVE-2024-25062", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-25062" ], "unique" : false }, { "id" : "CVE-2025-32415", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-32415" ], "unique" : false }, { "id" : "CVE-2025-49795", "title" : "Libxml: null pointer dereference leads to denial of service (dos)", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-49795" ], "unique" : false }, { "id" : "CVE-2025-6021", "title" : "Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-6021" ], "unique" : false }, { "id" : "CVE-2025-7424", "title" : "Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2025-7424" ], "unique" : false }, { "id" : "CVE-2023-39615", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-39615" ], "unique" : false }, { "id" : "CVE-2026-6732", "title" : "Libxml2: libxml2: denial of service via crafted xsd-validated document", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6732" ], "unique" : false }, { "id" : "CVE-2025-9714", "title" : "Stack overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9714" ], "unique" : false }, { "id" : "CVE-2026-1757", "title" : "Libxml2: memory leak leading to local denial of service in xmllint interactive shell", "source" : "redhat-csaf", "cvssScore" : 6.2, "severity" : "MEDIUM", "cves" : [ "CVE-2026-1757" ], "unique" : false }, { "id" : "CVE-2022-49043", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2022-49043" ], "unique" : false }, { "id" : "CVE-2023-28484", "title" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-28484" ], "unique" : false }, { "id" : "CVE-2023-29469", "title" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-29469" ], "unique" : false }, { "id" : "CVE-2026-0990", "title" : "Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0990" ], "unique" : false }, { "id" : "CVE-2025-32414", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32414" ], "unique" : false }, { "id" : "CVE-2024-34459", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-34459" ], "unique" : false }, { "id" : "CVE-2025-26434", "title" : "In libxml2, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-26434" ], "unique" : false }, { "id" : "CVE-2026-11979", "title" : "Stack-Based Buffer Overflow in libxml2", "source" : "redhat-csaf", "cvssScore" : 4.8, "severity" : "MEDIUM", "cves" : [ "CVE-2026-11979" ], "unique" : false }, { "id" : "CVE-2026-0989", "title" : "Libxml2: unbounded relaxng include recursion leading to stack overflow", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-0989" ], "unique" : false }, { "id" : "CVE-2026-0992", "title" : "Libxml2: libxml2: denial of service via crafted xml catalogs", "source" : "redhat-csaf", "cvssScore" : 2.9, "severity" : "LOW", "cves" : [ "CVE-2026-0992" ], "unique" : false }, { "id" : "CVE-2025-6170", "title" : "Libxml2: stack buffer overflow in xmllint interactive shell command handling", "source" : "redhat-csaf", "cvssScore" : 2.5, "severity" : "LOW", "cves" : [ "CVE-2025-6170" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-40896", "title" : "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2024-40896" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/ca-certificates@2022.2.54-90.2.el9_0?arch=noarch&distro=rhel-9.2&upstream=ca-certificates-2022.2.54-90.2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2023-37920", "title" : "Certifi's removal of e-Tugra root certificate", "source" : "redhat-csaf", "cvssScore" : 9.1, "severity" : "CRITICAL", "cves" : [ "CVE-2023-37920" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/krb5-libs@1.20.1-9.el9_2?arch=x86_64&distro=rhel-9.2&upstream=krb5-1.20.1-9.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2024-3596", "title" : "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false }, { "id" : "CVE-2023-39975", "title" : "kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2023-39975" ], "unique" : false }, { "id" : "CVE-2024-26462", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-26462" ], "unique" : false }, { "id" : "CVE-2024-37370", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-37370" ], "unique" : false }, { "id" : "CVE-2023-36054", "title" : "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-36054" ], "unique" : false }, { "id" : "CVE-2024-37371", "title" : "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2024-37371" ], "unique" : false }, { "id" : "CVE-2025-24528", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-24528" ], "unique" : false }, { "id" : "CVE-2024-26458", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26458" ], "unique" : false }, { "id" : "CVE-2024-26461", "title" : "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2024-26461" ], "unique" : false }, { "id" : "CVE-2025-3576", "title" : "Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-3576" ], "unique" : false }, { "id" : "CVE-2026-40355", "title" : "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40355" ], "unique" : false }, { "id" : "CVE-2026-40356", "title" : "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-40356" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-3596", "title" : "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.", "source" : "redhat-csaf", "cvssScore" : 9.0, "severity" : "CRITICAL", "cves" : [ "CVE-2024-3596" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2026-6238", "title" : "Buffer overread in ns_printrrf with corrupted RDATA field", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-6238" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2026-3904", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3904" ], "unique" : false }, { "id" : "CVE-2026-5435", "title" : "Potential buffer overflow in ns_sprintrrf TSIG handling path", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5435" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2026-4046", "title" : "iconv crash due to assertion failure with untrusted input", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4046" ], "unique" : false }, { "id" : "CVE-2026-5450", "title" : "scanf %mc off-by-one heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5450" ], "unique" : false }, { "id" : "CVE-2026-5928", "title" : "Potential buffer under-read in ungetwc", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5928" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-minimal-langpack@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2026-4046", "title" : "iconv crash due to assertion failure with untrusted input", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4046" ], "unique" : false }, { "id" : "CVE-2026-5450", "title" : "scanf %mc off-by-one heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5450" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/glibc-common@2.34-60.el9?arch=x86_64&distro=rhel-9.2&upstream=glibc-2.34-60.el9.src.rpm", "issues" : [ { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false }, { "id" : "CVE-2026-0861", "title" : "Integer overflow in memalign leads to heap corruption", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2026-0861" ], "unique" : false }, { "id" : "CVE-2023-4911", "title" : "Glibc: buffer overflow in ld.so leading to privilege escalation", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2023-4911" ], "unique" : false }, { "id" : "CVE-2024-33599", "title" : "nscd: Stack-based buffer overflow in netgroup cache", "source" : "redhat-csaf", "cvssScore" : 7.6, "severity" : "HIGH", "cves" : [ "CVE-2024-33599" ], "unique" : false }, { "id" : "CVE-2025-4802", "source" : "redhat-csaf", "cvssScore" : 7.0, "severity" : "HIGH", "cves" : [ "CVE-2025-4802" ], "unique" : false }, { "id" : "CVE-2023-4527", "title" : "Glibc: stack read overflow in getaddrinfo in no-aaaa mode", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4527" ], "unique" : false }, { "id" : "CVE-2026-4437", "title" : "gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4437" ], "unique" : false }, { "id" : "CVE-2023-4806", "title" : "Glibc: potential use-after-free in getaddrinfo()", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4806" ], "unique" : false }, { "id" : "CVE-2023-4813", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-4813" ], "unique" : false }, { "id" : "CVE-2025-15281", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-15281" ], "unique" : false }, { "id" : "CVE-2025-5702", "title" : "The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.", "source" : "redhat-csaf", "cvssScore" : 5.6, "severity" : "MEDIUM", "cves" : [ "CVE-2025-5702" ], "unique" : false }, { "id" : "CVE-2025-0395", "title" : "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "source" : "redhat-csaf", "cvssScore" : 5.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-0395" ], "unique" : false }, { "id" : "CVE-2024-33600", "title" : "nscd: Null pointer crashes after notfound response", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33600" ], "unique" : false }, { "id" : "CVE-2026-0915", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-0915" ], "unique" : false }, { "id" : "CVE-2026-4046", "title" : "iconv crash due to assertion failure with untrusted input", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4046" ], "unique" : false }, { "id" : "CVE-2026-5450", "title" : "scanf %mc off-by-one heap buffer overflow", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-5450" ], "unique" : false }, { "id" : "CVE-2025-8058", "source" : "redhat-csaf", "cvssScore" : 4.2, "severity" : "MEDIUM", "cves" : [ "CVE-2025-8058" ], "unique" : false }, { "id" : "CVE-2024-33601", "title" : "nscd: netgroup cache may terminate daemon on memory allocation failure", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33601" ], "unique" : false }, { "id" : "CVE-2024-33602", "title" : "nscd: netgroup cache assumes NSS callback uses in-buffer strings", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-33602" ], "unique" : false }, { "id" : "CVE-2026-4438", "title" : "gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2026-4438" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2024-2961", "title" : "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "source" : "redhat-csaf", "cvssScore" : 8.8, "severity" : "HIGH", "cves" : [ "CVE-2024-2961" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnupg2@2.3.3-2.el9_0?arch=x86_64&distro=rhel-9.2&upstream=gnupg2-2.3.3-2.el9_0.src.rpm", "issues" : [ { "id" : "CVE-2026-24882", "title" : "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false }, { "id" : "CVE-2025-68973", "title" : "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "source" : "redhat-csaf", "cvssScore" : 7.8, "severity" : "HIGH", "cves" : [ "CVE-2025-68973" ], "unique" : false }, { "id" : "CVE-2025-68972", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2025-68972" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-24882", "title" : "In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.", "source" : "redhat-csaf", "cvssScore" : 8.4, "severity" : "HIGH", "cves" : [ "CVE-2026-24882" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/gnutls@3.7.6-20.el9_2?arch=x86_64&distro=rhel-9.2&upstream=gnutls-3.7.6-20.el9_2.src.rpm", "issues" : [ { "id" : "CVE-2026-42013", "title" : "Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-42013" ], "unique" : false }, { "id" : "CVE-2026-5260", "title" : "Gnutls: gnutls: information disclosure via heap overread in rsa key exchange", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-5260" ], "unique" : false }, { "id" : "CVE-2024-0553", "title" : "Gnutls: incomplete fix for cve-2023-5981", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0553" ], "unique" : false }, { "id" : "CVE-2024-0567", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-0567" ], "unique" : false }, { "id" : "CVE-2026-1584", "title" : "Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-1584" ], "unique" : false }, { "id" : "CVE-2026-33845", "title" : "Gnutls: gnutls: denial of service via dtls zero-length fragment", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-33845" ], "unique" : false }, { "id" : "CVE-2026-33846", "title" : "Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-33846" ], "unique" : false }, { "id" : "CVE-2026-42009", "title" : "Gnutls: gnutls: denial of service via dtls packet reordering vulnerability", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2026-42009" ], "unique" : false }, { "id" : "CVE-2026-42011", "title" : "Gnutls: gnutls: security bypass due to incorrect name constraint handling", "source" : "redhat-csaf", "cvssScore" : 7.4, "severity" : "HIGH", "cves" : [ "CVE-2026-42011" ], "unique" : false }, { "id" : "CVE-2026-42010", "title" : "Gnutls: gnutls: authentication bypass via nul character in username", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-42010" ], "unique" : false }, { "id" : "CVE-2026-42012", "title" : "Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans", "source" : "redhat-csaf", "cvssScore" : 7.1, "severity" : "HIGH", "cves" : [ "CVE-2026-42012" ], "unique" : false }, { "id" : "CVE-2026-42014", "title" : "Gnutls: gnutls: use-after-free in gnutls_pkcs11_token_set_pin", "source" : "redhat-csaf", "cvssScore" : 6.6, "severity" : "MEDIUM", "cves" : [ "CVE-2026-42014" ], "unique" : false }, { "id" : "CVE-2025-32988", "title" : "Gnutls: vulnerability in gnutls othername san export", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32988" ], "unique" : false }, { "id" : "CVE-2025-32990", "title" : "Gnutls: vulnerability in gnutls certtool template parsing", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32990" ], "unique" : false }, { "id" : "CVE-2025-6395", "title" : "Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2025-6395" ], "unique" : false }, { "id" : "CVE-2026-3833", "title" : "Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison", "source" : "redhat-csaf", "cvssScore" : 6.5, "severity" : "MEDIUM", "cves" : [ "CVE-2026-3833" ], "unique" : false }, { "id" : "CVE-2023-5981", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-5981" ], "unique" : false }, { "id" : "CVE-2024-12243", "title" : "Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-12243" ], "unique" : false }, { "id" : "CVE-2024-28834", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28834" ], "unique" : false }, { "id" : "CVE-2025-14831", "title" : "Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-14831" ], "unique" : false }, { "id" : "CVE-2025-32989", "title" : "Gnutls: vulnerability in gnutls sct extension parsing", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2025-32989" ], "unique" : false }, { "id" : "CVE-2026-42015", "title" : "Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling", "source" : "redhat-csaf", "cvssScore" : 5.3, "severity" : "MEDIUM", "cves" : [ "CVE-2026-42015" ], "unique" : false }, { "id" : "CVE-2024-28835", "title" : "Gnutls: potential crash during chain building/verification", "source" : "redhat-csaf", "cvssScore" : 5.0, "severity" : "MEDIUM", "cves" : [ "CVE-2024-28835" ], "unique" : false }, { "id" : "CVE-2025-9820", "title" : "Gnutls: stack-based buffer overflow in gnutls_pkcs11_token_init() function", "source" : "redhat-csaf", "cvssScore" : 4.0, "severity" : "MEDIUM", "cves" : [ "CVE-2025-9820" ], "unique" : false }, { "id" : "CVE-2026-3832", "title" : "Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-3832" ], "unique" : false }, { "id" : "CVE-2026-5419", "title" : "Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal", "source" : "redhat-csaf", "cvssScore" : 3.7, "severity" : "LOW", "cves" : [ "CVE-2026-5419" ], "unique" : false } ], "highestVulnerability" : { "id" : "CVE-2026-42013", "title" : "Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name", "source" : "redhat-csaf", "cvssScore" : 8.2, "severity" : "HIGH", "cves" : [ "CVE-2026-42013" ], "unique" : false } }, { "ref" : "pkg:rpm/redhat/curl-minimal@7.76.1-23.el9_2.1?arch=x86_64&distro=rhel-9.2&upstream=curl-7.76.1-23.el9_2.1.src.rpm", "issues" : [ { "id" : "CVE-2023-38545", "title" : "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.", "source" : "redhat-csaf", "cvssScore" : 8.1, "severity" : "HIGH", "cves" : [ "CVE-2023-38545" ], "unique" : false }, { "id" : "CVE-2024-2398", "title" : "HTTP/2 push headers memory-leak", "source" : "redhat-csaf", "cvssScore" : 7.5, "severity" : "HIGH", "cves" : [ "CVE-2024-2398" ], "unique" : false }, { "id" : "CVE-2023-27536", "title" : "An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "source" : "redhat-csaf", "cvssScore" : 5.9, "severity" : "MEDIUM", "cves" : [ "CVE-2023-27536" ], "unique" : false }, { "id" : "CVE-2023-28321", "title" : "An improper certificate validation vulnerability exists in curl