{
  "matches": [
    {
      "vulnerability": {
        "id": "CVE-2024-34459",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-34459",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-34459",
            "epss": 0.03141,
            "percentile": 0.86926,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-34459",
            "cwe": "CWE-122",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 1.3349250000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-34459",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720",
            "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8",
            "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/",
            "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/"
          ],
          "description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-34459",
              "epss": 0.03141,
              "percentile": 0.86926,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-34459",
              "cwe": "CWE-122",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.9.13-14.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-34459",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "79cdbcbd3d61afd9",
        "name": "libxml2",
        "version": "2.9.13-14.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-2953",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "metrics": {
              "baseScore": 7.1,
              "exploitabilityScore": 2.9,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2023-2953",
            "epss": 0.01419,
            "percentile": 0.80641,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-2953",
            "cwe": "CWE-476",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2023-2953",
            "cwe": "CWE-476",
            "source": "nvd@nist.gov",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2023-2953",
            "cwe": "CWE-476",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.716595
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-2953",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "http://seclists.org/fulldisclosure/2023/Jul/47",
            "http://seclists.org/fulldisclosure/2023/Jul/48",
            "http://seclists.org/fulldisclosure/2023/Jul/52",
            "https://access.redhat.com/security/cve/CVE-2023-2953",
            "https://bugs.openldap.org/show_bug.cgi?id=9904",
            "https://security.netapp.com/advisory/ntap-20230703-0005/",
            "https://support.apple.com/kb/HT213843",
            "https://support.apple.com/kb/HT213844",
            "https://support.apple.com/kb/HT213845"
          ],
          "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-2953",
              "epss": 0.01419,
              "percentile": 0.80641,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-2953",
              "cwe": "CWE-476",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2023-2953",
              "cwe": "CWE-476",
              "source": "nvd@nist.gov",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2023-2953",
              "cwe": "CWE-476",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openldap",
              "version": "0:2.6.8-4.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-2953",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f8bdc202e20abd5b",
        "name": "openldap",
        "version": "2.6.8-4.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "OLDAP-2.8"
        ],
        "cpes": [
          "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-11053",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-11053",
            "epss": 0.00949,
            "percentile": 0.7643,
            "date": "2026-04-27"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.4223050000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-11053",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2024-11053.html",
            "https://curl.se/docs/CVE-2024-11053.json",
            "https://hackerone.com/reports/2829063",
            "http://www.openwall.com/lists/oss-security/2024/12/11/1",
            "https://security.netapp.com/advisory/ntap-20250124-0012/",
            "https://security.netapp.com/advisory/ntap-20250131-0003/",
            "https://security.netapp.com/advisory/ntap-20250131-0004/"
          ],
          "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 3.4,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-11053",
              "epss": 0.00949,
              "percentile": 0.7643,
              "date": "2026-04-27"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-11053",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-11053",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-11053",
            "epss": 0.00949,
            "percentile": 0.7643,
            "date": "2026-04-27"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.4223050000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-11053",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2024-11053.html",
            "https://curl.se/docs/CVE-2024-11053.json",
            "https://hackerone.com/reports/2829063",
            "http://www.openwall.com/lists/oss-security/2024/12/11/1",
            "https://security.netapp.com/advisory/ntap-20250124-0012/",
            "https://security.netapp.com/advisory/ntap-20250131-0003/",
            "https://security.netapp.com/advisory/ntap-20250131-0004/"
          ],
          "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 3.4,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-11053",
              "epss": 0.00949,
              "percentile": 0.7643,
              "date": "2026-04-27"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-11053",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-7264",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.1,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-7264",
            "epss": 0.00882,
            "percentile": 0.75467,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-7264",
            "cwe": "CWE-125",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.36603
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-7264",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.openwall.com/lists/oss-security/2024/07/31/1",
            "https://curl.se/docs/CVE-2024-7264.html",
            "https://curl.se/docs/CVE-2024-7264.json",
            "https://hackerone.com/reports/2629968",
            "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519",
            "https://security.netapp.com/advisory/ntap-20240828-0008/",
            "https://security.netapp.com/advisory/ntap-20241025-0006/",
            "https://security.netapp.com/advisory/ntap-20241025-0010/"
          ],
          "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given a syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 2.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-7264",
              "epss": 0.00882,
              "percentile": 0.75467,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-7264",
              "cwe": "CWE-125",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-7264",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-7264",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.1,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-7264",
            "epss": 0.00882,
            "percentile": 0.75467,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-7264",
            "cwe": "CWE-125",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.36603
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-7264",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.openwall.com/lists/oss-security/2024/07/31/1",
            "https://curl.se/docs/CVE-2024-7264.html",
            "https://curl.se/docs/CVE-2024-7264.json",
            "https://hackerone.com/reports/2629968",
            "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519",
            "https://security.netapp.com/advisory/ntap-20240828-0008/",
            "https://security.netapp.com/advisory/ntap-20241025-0006/",
            "https://security.netapp.com/advisory/ntap-20241025-0010/"
          ],
          "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given a syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 2.9,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-7264",
              "epss": 0.00882,
              "percentile": 0.75467,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-7264",
              "cwe": "CWE-125",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-7264",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-9681",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 3.9,
              "exploitabilityScore": 1.4,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-9681",
            "epss": 0.00725,
            "percentile": 0.72645,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-9681",
            "cwe": "CWE-697",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.250125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-9681",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2024-9681.html",
            "https://curl.se/docs/CVE-2024-9681.json",
            "https://hackerone.com/reports/2764830",
            "http://seclists.org/fulldisclosure/2025/Apr/10",
            "http://seclists.org/fulldisclosure/2025/Apr/11",
            "http://seclists.org/fulldisclosure/2025/Apr/12",
            "http://seclists.org/fulldisclosure/2025/Apr/13",
            "http://seclists.org/fulldisclosure/2025/Apr/4",
            "http://seclists.org/fulldisclosure/2025/Apr/5",
            "http://seclists.org/fulldisclosure/2025/Apr/8",
            "http://seclists.org/fulldisclosure/2025/Apr/9",
            "http://www.openwall.com/lists/oss-security/2024/11/06/2",
            "https://security.netapp.com/advisory/ntap-20241213-0006/",
            "https://github.com/curl/curl/commit/7385610d0c74c6a25",
            "https://github.com/curl/curl/commit/a94973805df96269bf"
          ],
          "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.3,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-9681",
              "epss": 0.00725,
              "percentile": 0.72645,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-9681",
              "cwe": "CWE-697",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-9681",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-9681",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-9681",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 3.9,
              "exploitabilityScore": 1.4,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-9681",
            "epss": 0.00725,
            "percentile": 0.72645,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-9681",
            "cwe": "CWE-697",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.250125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-9681",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2024-9681.html",
            "https://curl.se/docs/CVE-2024-9681.json",
            "https://hackerone.com/reports/2764830",
            "http://seclists.org/fulldisclosure/2025/Apr/10",
            "http://seclists.org/fulldisclosure/2025/Apr/11",
            "http://seclists.org/fulldisclosure/2025/Apr/12",
            "http://seclists.org/fulldisclosure/2025/Apr/13",
            "http://seclists.org/fulldisclosure/2025/Apr/4",
            "http://seclists.org/fulldisclosure/2025/Apr/5",
            "http://seclists.org/fulldisclosure/2025/Apr/8",
            "http://seclists.org/fulldisclosure/2025/Apr/9",
            "http://www.openwall.com/lists/oss-security/2024/11/06/2",
            "https://security.netapp.com/advisory/ntap-20241213-0006/",
            "https://github.com/curl/curl/commit/7385610d0c74c6a25",
            "https://github.com/curl/curl/commit/a94973805df96269bf"
          ],
          "description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.3,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-9681",
              "epss": 0.00725,
              "percentile": 0.72645,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-9681",
              "cwe": "CWE-697",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-9681",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-41996",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-41996",
            "epss": 0.00438,
            "percentile": 0.63145,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-41996",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.19491000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-41996",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://dheatattack.gitlab.io/details/",
            "https://dheatattack.gitlab.io/faq/",
            "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1"
          ],
          "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-41996",
              "epss": 0.00438,
              "percentile": 0.63145,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-41996",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-41996",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "019f13958fa4dc68",
        "name": "openssl",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-41996",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-41996",
            "epss": 0.00438,
            "percentile": 0.63145,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-41996",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.19491000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-41996",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://dheatattack.gitlab.io/details/",
            "https://dheatattack.gitlab.io/faq/",
            "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1"
          ],
          "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-41996",
              "epss": 0.00438,
              "percentile": 0.63145,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-41996",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-41996",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "15b6910272a6e502",
        "name": "openssl-libs",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.1-7.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-3360",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-3360",
            "epss": 0.00392,
            "percentile": 0.60235,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-3360",
            "cwe": "CWE-190",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.13132
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-3360",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-3360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2357754",
            "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html"
          ],
          "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-3360",
              "epss": 0.00392,
              "percentile": 0.60235,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-3360",
              "cwe": "CWE-190",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.68.4-18.el9_7.1"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-3360",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "008c1c343332e76a",
        "name": "glib2",
        "version": "2.68.4-18.el9_7.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2100",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2100",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2100",
            "epss": 0.00173,
            "percentile": 0.38442,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2100",
            "cwe": "CWE-824",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.08909500000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2100",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7065",
            "https://access.redhat.com/security/cve/CVE-2026-2100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2437308",
            "https://github.com/p11-glue/p11-kit/pull/740"
          ],
          "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2100",
              "epss": 0.00173,
              "percentile": 0.38442,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2100",
              "cwe": "CWE-824",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "p11-kit",
              "version": "0:0.25.3-3.el9_5"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2100",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "39edf0f240a77402",
        "name": "p11-kit",
        "version": "0.25.3-3.el9_5",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-3-Clause"
        ],
        "cpes": [
          "cpe:2.3:a:p11-kit:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11-kit:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11_kit:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11_kit:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11:p11-kit:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11:p11_kit:0.25.3-3.el9_5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/p11-kit@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&upstream=p11-kit-0.25.3-3.el9_5.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2100",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2100",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2100",
            "epss": 0.00173,
            "percentile": 0.38442,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2100",
            "cwe": "CWE-824",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.08909500000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2100",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2100",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7065",
            "https://access.redhat.com/security/cve/CVE-2026-2100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2437308",
            "https://github.com/p11-glue/p11-kit/pull/740"
          ],
          "description": "A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2100",
              "epss": 0.00173,
              "percentile": 0.38442,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2100",
              "cwe": "CWE-824",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "p11-kit",
              "version": "0.25.3-3.el9_5"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2100",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "546bedf3e2fa6b85",
        "name": "p11-kit-trust",
        "version": "0.25.3-3.el9_5",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD-3-Clause"
        ],
        "cpes": [
          "cpe:2.3:a:p11-kit-trust:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11-kit-trust:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11_kit_trust:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11_kit_trust:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11-kit:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11-kit:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11_kit:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11_kit:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11:p11-kit-trust:0.25.3-3.el9_5:*:*:*:*:*:*:*",
          "cpe:2.3:a:p11:p11_kit_trust:0.25.3-3.el9_5:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/p11-kit-trust@0.25.3-3.el9_5?arch=x86_64&distro=rhel-9.7&upstream=p11-kit-0.25.3-3.el9_5.src.rpm",
        "upstreams": [
          {
            "name": "p11-kit",
            "version": "0.25.3-3.el9_5"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4426",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4426",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4426",
            "epss": 0.00133,
            "percentile": 0.3262,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4426",
            "cwe": "CWE-1335",
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.07647499999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4426",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4426",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-4426",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2449010",
            "https://github.com/libarchive/libarchive/pull/2897"
          ],
          "description": "A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4426",
              "epss": 0.00133,
              "percentile": 0.3262,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4426",
              "cwe": "CWE-1335",
              "source": "secalert@redhat.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.5.3-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4426",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "495577a1e778f374",
        "name": "libarchive",
        "version": "3.5.3-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.5.3-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-9.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-32636",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.2,
              "exploitabilityScore": 2.6,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2023-32636",
            "epss": 0.00165,
            "percentile": 0.37235,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-32636",
            "cwe": "CWE-400",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2023-32636",
            "cwe": "CWE-502",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0759
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-32636",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gitlab.gnome.org/GNOME/glib/-/issues/2841",
            "https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835",
            "https://security.netapp.com/advisory/ntap-20231110-0002/"
          ],
          "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-32636",
              "epss": 0.00165,
              "percentile": 0.37235,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-32636",
              "cwe": "CWE-400",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2023-32636",
              "cwe": "CWE-502",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.68.4-18.el9_7.1"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-32636",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "008c1c343332e76a",
        "name": "glib2",
        "version": "2.68.4-18.el9_7.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-5278",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "metrics": {
              "baseScore": 4.4,
              "exploitabilityScore": 1.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-5278",
            "epss": 0.0013,
            "percentile": 0.32091,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-5278",
            "cwe": "CWE-121",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0611
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-5278",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-5278",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2368764",
            "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633",
            "http://www.openwall.com/lists/oss-security/2025/05/27/2",
            "http://www.openwall.com/lists/oss-security/2025/05/29/1",
            "http://www.openwall.com/lists/oss-security/2025/05/29/2",
            "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14",
            "https://security-tracker.debian.org/tracker/CVE-2025-5278"
          ],
          "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
              "metrics": {
                "baseScore": 4.4,
                "exploitabilityScore": 1.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-5278",
              "epss": 0.0013,
              "percentile": 0.32091,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-5278",
              "cwe": "CWE-121",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "coreutils",
              "version": "8.32-39.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-5278",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "8ef168befafd7b27",
        "name": "coreutils-single",
        "version": "8.32-39.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPLv3+"
        ],
        "cpes": [
          "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm",
        "upstreams": [
          {
            "name": "coreutils",
            "version": "8.32-39.el9"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-5915",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
            "metrics": {
              "baseScore": 6.6,
              "exploitabilityScore": 1.4,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-5915",
            "epss": 0.0009,
            "percentile": 0.25402,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-5915",
            "cwe": "CWE-122",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.043199999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-5915",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-5915",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2370865",
            "https://github.com/libarchive/libarchive/pull/2599",
            "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
          ],
          "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 6.6,
                "exploitabilityScore": 1.4,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 6.6,
                "exploitabilityScore": 1.4,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-5915",
              "epss": 0.0009,
              "percentile": 0.25402,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-5915",
              "cwe": "CWE-122",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.5.3-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-5915",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "495577a1e778f374",
        "name": "libarchive",
        "version": "3.5.3-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.5.3-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-9.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14512",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14512",
            "epss": 0.00075,
            "percentile": 0.22281,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14512",
            "cwe": "CWE-190",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.043125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14512",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7461",
            "https://access.redhat.com/security/cve/CVE-2025-14512",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2421339",
            "https://gitlab.gnome.org/GNOME/glib/-/issues/3845"
          ],
          "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14512",
              "epss": 0.00075,
              "percentile": 0.22281,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14512",
              "cwe": "CWE-190",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.68.4-18.el9_7.1"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14512",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "008c1c343332e76a",
        "name": "glib2",
        "version": "2.68.4-18.el9_7.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-5918",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "metrics": {
              "baseScore": 3.9,
              "exploitabilityScore": 1.4,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-5918",
            "epss": 0.00113,
            "percentile": 0.29616,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-5918",
            "cwe": "CWE-125",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.038985
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-5918",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-5918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2370877",
            "https://github.com/libarchive/libarchive/pull/2584",
            "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
          ],
          "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 6.6,
                "exploitabilityScore": 1.4,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
              "metrics": {
                "baseScore": 3.9,
                "exploitabilityScore": 1.4,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-5918",
              "epss": 0.00113,
              "percentile": 0.29616,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-5918",
              "cwe": "CWE-125",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.5.3-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-5918",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "495577a1e778f374",
        "name": "libarchive",
        "version": "3.5.3-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.5.3-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-9.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-29478",
        "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478",
        "namespace": "nvd:cpe",
        "severity": "Medium",
        "urls": [
          "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md"
        ],
        "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-29478",
            "epss": 0.00071,
            "percentile": 0.21474,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-29478",
            "cwe": "CWE-400",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": ""
        },
        "advisories": [],
        "risk": 0.037275
      },
      "relatedVulnerabilities": [],
      "matchDetails": [
        {
          "type": "cpe-match",
          "matcher": "stock-matcher",
          "searchedBy": {
            "namespace": "nvd:cpe",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:25.10.22:*:*:*:*:*:*:*"
            ],
            "package": {
              "name": "fluent-bit",
              "version": "25.10.22"
            }
          },
          "found": {
            "vulnerabilityID": "CVE-2025-29478",
            "versionConstraint": "none (unknown)",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
            ]
          }
        }
      ],
      "artifact": {
        "id": "653031f13a8abdf3",
        "name": "fluent-bit",
        "version": "25.10.22",
        "type": "binary",
        "locations": [
          {
            "path": "/fluent-bit/bin/fluent-bit",
            "layerID": "sha256:36417b1d868228bc077eeab93ad8cb5628a7e3560d2f5d3853bde43c1d74ac3f",
            "accessPath": "/fluent-bit/bin/fluent-bit",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:treasuredata:fluent_bit:25.10.22:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:github/fluent/fluent-bit@25.10.22",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1965",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1965",
            "epss": 0.00062,
            "percentile": 0.19122,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1965",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03658
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1965",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-1965.html",
            "https://curl.se/docs/CVE-2026-1965.json"
          ],
          "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\na Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1965",
              "epss": 0.00062,
              "percentile": 0.19122,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1965",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1965",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1965",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1965",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the authentication of a previous user, leading to an authentication bypass.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1965",
            "epss": 0.00062,
            "percentile": 0.19122,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1965",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03658
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1965",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1965",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-1965.html",
            "https://curl.se/docs/CVE-2026-1965.json"
          ],
          "description": "libcurl can in some circumstances reuse the wrong connection when asked to do\na Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1965",
              "epss": 0.00062,
              "percentile": 0.19122,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1965",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1965",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-5916",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "metrics": {
              "baseScore": 3.9,
              "exploitabilityScore": 1.4,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-5916",
            "epss": 0.00102,
            "percentile": 0.27682,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-5916",
            "cwe": "CWE-190",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03519
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-5916",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-5916",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2370872",
            "https://github.com/libarchive/libarchive/pull/2568",
            "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
          ],
          "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
              "metrics": {
                "baseScore": 5.6,
                "exploitabilityScore": 1.4,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
              "metrics": {
                "baseScore": 3.9,
                "exploitabilityScore": 1.4,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-5916",
              "epss": 0.00102,
              "percentile": 0.27682,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-5916",
              "cwe": "CWE-190",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.5.3-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-5916",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "495577a1e778f374",
        "name": "libarchive",
        "version": "3.5.3-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.5.3-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-9.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-5917",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.8,
              "exploitabilityScore": 1.4,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-5917",
            "epss": 0.00117,
            "percentile": 0.30242,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-5917",
            "cwe": "CWE-787",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03393
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-5917",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-5917",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2370874",
            "https://github.com/libarchive/libarchive/pull/2588",
            "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
          ],
          "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5,
                "exploitabilityScore": 1.4,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.8,
                "exploitabilityScore": 1.4,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-5917",
              "epss": 0.00117,
              "percentile": 0.30242,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-5917",
              "cwe": "CWE-787",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.5.3-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-5917",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "495577a1e778f374",
        "name": "libarchive",
        "version": "3.5.3-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.5.3-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-9.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-0990",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-0990",
            "epss": 0.00062,
            "percentile": 0.19064,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-0990",
            "cwe": "CWE-674",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03379
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-0990",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7519",
            "https://access.redhat.com/security/cve/CVE-2026-0990",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429959",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018"
          ],
          "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-0990",
              "epss": 0.00062,
              "percentile": 0.19064,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-0990",
              "cwe": "CWE-674",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.9.13-14.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-0990",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "79cdbcbd3d61afd9",
        "name": "libxml2",
        "version": "2.9.13-14.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15224",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15224",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-15224",
            "epss": 0.00084,
            "percentile": 0.24368,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15224",
            "cwe": "CWE-287",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03234
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15224",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2025-15224.html",
            "https://curl.se/docs/CVE-2025-15224.json",
            "https://hackerone.com/reports/3480925",
            "http://www.openwall.com/lists/oss-security/2026/01/07/7"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.1,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15224",
              "epss": 0.00084,
              "percentile": 0.24368,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15224",
              "cwe": "CWE-287",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15224",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15224",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15224",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl. When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-15224",
            "epss": 0.00084,
            "percentile": 0.24368,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15224",
            "cwe": "CWE-287",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03234
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15224",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://curl.se/docs/CVE-2025-15224.html",
            "https://curl.se/docs/CVE-2025-15224.json",
            "https://hackerone.com/reports/3480925",
            "http://www.openwall.com/lists/oss-security/2026/01/07/7"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.1,
                "exploitabilityScore": 1.7,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15224",
              "epss": 0.00084,
              "percentile": 0.24368,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15224",
              "cwe": "CWE-287",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15224",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14087",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14087",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "metrics": {
              "baseScore": 5.6,
              "exploitabilityScore": 2.3,
              "impactScore": 3.4
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14087",
            "epss": 0.00059,
            "percentile": 0.18236,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14087",
            "cwe": "CWE-190",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.03127
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14087",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7461",
            "https://access.redhat.com/security/cve/CVE-2025-14087",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419093",
            "https://gitlab.gnome.org/GNOME/glib/-/issues/3834"
          ],
          "description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 5.6,
                "exploitabilityScore": 2.3,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14087",
              "epss": 0.00059,
              "percentile": 0.18236,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14087",
              "cwe": "CWE-190",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.68.4-18.el9_7.1"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14087",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "008c1c343332e76a",
        "name": "glib2",
        "version": "2.68.4-18.el9_7.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-45322",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing an XML document using the HTML parser may result in a use-after-free vulnerability.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2023-45322",
            "epss": 0.0007,
            "percentile": 0.21341,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-45322",
            "cwe": "CWE-416",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.031150000000000004
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-45322",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "http://www.openwall.com/lists/oss-security/2023/10/06/5",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583",
            "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
          ],
          "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-45322",
              "epss": 0.0007,
              "percentile": 0.21341,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-45322",
              "cwe": "CWE-416",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.9.13-14.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-45322",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "79cdbcbd3d61afd9",
        "name": "libxml2",
        "version": "2.9.13-14.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4437",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4437",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4437",
            "epss": 0.0005,
            "percentile": 0.15538,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4437",
            "cwe": "CWE-125",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.028749999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4437",
              "epss": 0.0005,
              "percentile": 0.15538,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4437",
              "cwe": "CWE-125",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "0:2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d41f8063e44e2263",
        "name": "glibc",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4437",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4437",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4437",
            "epss": 0.0005,
            "percentile": 0.15538,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4437",
            "cwe": "CWE-125",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.028749999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4437",
              "epss": 0.0005,
              "percentile": 0.15538,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4437",
              "cwe": "CWE-125",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1135b72e9fa314da",
        "name": "glibc-common",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4437",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4437",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4437",
            "epss": 0.0005,
            "percentile": 0.15538,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4437",
            "cwe": "CWE-125",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.028749999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4437",
              "epss": 0.0005,
              "percentile": 0.15538,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4437",
              "cwe": "CWE-125",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4658d483d1634f16",
        "name": "glibc-langpack-en",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4437",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4437",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 3.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4437",
            "epss": 0.0005,
            "percentile": 0.15538,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4437",
            "cwe": "CWE-125",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.028749999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4437",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4437",
              "epss": 0.0005,
              "percentile": 0.15538,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4437",
              "cwe": "CWE-125",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4437",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "81f30677c0ddeeec",
        "name": "glibc-minimal-langpack",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-27113",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-27113",
            "epss": 0.00094,
            "percentile": 0.26012,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-27113",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-27113",
            "cwe": "CWE-476",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.028669999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-27113",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861",
            "http://seclists.org/fulldisclosure/2025/Apr/10",
            "http://seclists.org/fulldisclosure/2025/Apr/11",
            "http://seclists.org/fulldisclosure/2025/Apr/12",
            "http://seclists.org/fulldisclosure/2025/Apr/13",
            "http://seclists.org/fulldisclosure/2025/Apr/4",
            "http://seclists.org/fulldisclosure/2025/Apr/5",
            "http://seclists.org/fulldisclosure/2025/Apr/8",
            "http://seclists.org/fulldisclosure/2025/Apr/9",
            "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html",
            "https://security.netapp.com/advisory/ntap-20250306-0004/"
          ],
          "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-27113",
              "epss": 0.00094,
              "percentile": 0.26012,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-27113",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-27113",
              "cwe": "CWE-476",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.9.13-14.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-27113",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "79cdbcbd3d61afd9",
        "name": "libxml2",
        "version": "2.9.13-14.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28386",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28386",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service (DoS). This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequent page is unmapped. This can lead to an out-of-bounds read of up to 15 bytes and a potential application crash.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28386",
            "epss": 0.00052,
            "percentile": 0.16091,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28386",
            "cwe": "CWE-125",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02834
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28386",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28386",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 9.1,
                "exploitabilityScore": 3.9,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28386",
              "epss": 0.00052,
              "percentile": 0.16091,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28386",
              "cwe": "CWE-125",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28386",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "019f13958fa4dc68",
        "name": "openssl",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28386",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28386",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service (DoS). This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequent page is unmapped. This can lead to an out-of-bounds read of up to 15 bytes and a potential application crash.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28386",
            "epss": 0.00052,
            "percentile": 0.16091,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28386",
            "cwe": "CWE-125",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02834
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28386",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28386",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 9.1,
                "exploitabilityScore": 3.9,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28386",
              "epss": 0.00052,
              "percentile": 0.16091,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28386",
              "cwe": "CWE-125",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28386",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "15b6910272a6e502",
        "name": "openssl-libs",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.1-7.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-34743",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-34743",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in XZ Utils. When the `lzma_index_decoder()` function processes an empty index, and a subsequent `lzma_index_append()` operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service (DoS) for affected systems.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-34743",
            "epss": 0.00055,
            "percentile": 0.17176,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-34743",
            "cwe": "CWE-122",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.028325000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-34743",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-34743",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87",
            "https://github.com/tukaani-project/xz/releases/tag/v5.8.3",
            "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv",
            "http://www.openwall.com/lists/oss-security/2026/03/31/13"
          ],
          "description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 1.7
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-34743",
              "epss": 0.00055,
              "percentile": 0.17176,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-34743",
              "cwe": "CWE-122",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "xz",
              "version": "5.2.5-8.el9_0"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-34743",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f3e667a0375f3959",
        "name": "xz-libs",
        "version": "5.2.5-8.el9_0",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Public Domain"
        ],
        "cpes": [
          "cpe:2.3:a:xz-libs:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:xz-libs:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:xz_libs:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:xz_libs:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:xz:xz-libs:5.2.5-8.el9_0:*:*:*:*:*:*:*",
          "cpe:2.3:a:xz:xz_libs:5.2.5-8.el9_0:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/xz-libs@5.2.5-8.el9_0?arch=x86_64&distro=rhel-9.7&upstream=xz-5.2.5-8.el9_0.src.rpm",
        "upstreams": [
          {
            "name": "xz",
            "version": "5.2.5-8.el9_0"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-13176",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-13176",
            "epss": 0.00073,
            "percentile": 0.22008,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-13176",
            "cwe": "CWE-385",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.028104999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-13176",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
            "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
            "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
            "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
            "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
            "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded",
            "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86",
            "https://openssl-library.org/news/secadv/20250120.txt",
            "http://www.openwall.com/lists/oss-security/2025/01/20/2",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html",
            "https://security.netapp.com/advisory/ntap-20250124-0005/",
            "https://security.netapp.com/advisory/ntap-20250418-0010/",
            "https://security.netapp.com/advisory/ntap-20250502-0006/"
          ],
          "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 4.1,
                "exploitabilityScore": 0.7,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-13176",
              "epss": 0.00073,
              "percentile": 0.22008,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-13176",
              "cwe": "CWE-385",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-13176",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "019f13958fa4dc68",
        "name": "openssl",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-13176",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-13176",
            "epss": 0.00073,
            "percentile": 0.22008,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-13176",
            "cwe": "CWE-385",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.028104999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-13176",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
            "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
            "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
            "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
            "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
            "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded",
            "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86",
            "https://openssl-library.org/news/secadv/20250120.txt",
            "http://www.openwall.com/lists/oss-security/2025/01/20/2",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html",
            "https://security.netapp.com/advisory/ntap-20250124-0005/",
            "https://security.netapp.com/advisory/ntap-20250418-0010/",
            "https://security.netapp.com/advisory/ntap-20250502-0006/"
          ],
          "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "metrics": {
                "baseScore": 4.1,
                "exploitabilityScore": 0.7,
                "impactScore": 3.4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-13176",
              "epss": 0.00073,
              "percentile": 0.22008,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-13176",
              "cwe": "CWE-385",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-13176",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "15b6910272a6e502",
        "name": "openssl-libs",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.1-7.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-29477",
        "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477",
        "namespace": "nvd:cpe",
        "severity": "Medium",
        "urls": [
          "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md"
        ],
        "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.",
        "cvss": [
          {
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.8
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-29477",
            "epss": 0.00053,
            "percentile": 0.16528,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-29477",
            "cwe": "CWE-400",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": ""
        },
        "advisories": [],
        "risk": 0.027825000000000003
      },
      "relatedVulnerabilities": [],
      "matchDetails": [
        {
          "type": "cpe-match",
          "matcher": "stock-matcher",
          "searchedBy": {
            "namespace": "nvd:cpe",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:25.10.22:*:*:*:*:*:*:*"
            ],
            "package": {
              "name": "fluent-bit",
              "version": "25.10.22"
            }
          },
          "found": {
            "vulnerabilityID": "CVE-2025-29477",
            "versionConstraint": "none (unknown)",
            "cpes": [
              "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
            ]
          }
        }
      ],
      "artifact": {
        "id": "653031f13a8abdf3",
        "name": "fluent-bit",
        "version": "25.10.22",
        "type": "binary",
        "locations": [
          {
            "path": "/fluent-bit/bin/fluent-bit",
            "layerID": "sha256:36417b1d868228bc077eeab93ad8cb5628a7e3560d2f5d3853bde43c1d74ac3f",
            "accessPath": "/fluent-bit/bin/fluent-bit",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:treasuredata:fluent_bit:25.10.22:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:github/fluent/fluent-bit@25.10.22",
        "upstreams": []
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-13151",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-13151",
            "epss": 0.00062,
            "percentile": 0.19196,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-13151",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.027590000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-13151",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gitlab.com/gnutls/libtasn1",
            "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
            "http://www.openwall.com/lists/oss-security/2026/01/08/5",
            "https://www.kb.cert.org/vuls/id/271649"
          ],
          "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-13151",
              "epss": 0.00062,
              "percentile": 0.19196,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-13151",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libtasn1",
              "version": "0:4.16.0-9.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-13151",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4fbfd80d85bb460e",
        "name": "libtasn1",
        "version": "4.16.0-9.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPLv3+ and LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5450",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5450",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5450",
            "epss": 0.00049,
            "percentile": 0.1526,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-122",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0245
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5450",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
          ],
          "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5450",
              "epss": 0.00049,
              "percentile": 0.1526,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-122",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "0:2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5450",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d41f8063e44e2263",
        "name": "glibc",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5450",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5450",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5450",
            "epss": 0.00049,
            "percentile": 0.1526,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-122",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0245
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5450",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
          ],
          "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5450",
              "epss": 0.00049,
              "percentile": 0.1526,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-122",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5450",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1135b72e9fa314da",
        "name": "glibc-common",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5450",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5450",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5450",
            "epss": 0.00049,
            "percentile": 0.1526,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-122",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0245
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5450",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
          ],
          "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5450",
              "epss": 0.00049,
              "percentile": 0.1526,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-122",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5450",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4658d483d1634f16",
        "name": "glibc-langpack-en",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5450",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5450",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5450",
            "epss": 0.00049,
            "percentile": 0.1526,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-122",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-5450",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0245
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5450",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
          ],
          "description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5450",
              "epss": 0.00049,
              "percentile": 0.1526,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-122",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-5450",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5450",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "81f30677c0ddeeec",
        "name": "glibc-minimal-langpack",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-0988",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-0988",
            "epss": 0.00073,
            "percentile": 0.21833,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-0988",
            "cwe": "CWE-190",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.024454999999999994
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-0988",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7461",
            "https://access.redhat.com/security/cve/CVE-2026-0988",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429886",
            "https://gitlab.gnome.org/GNOME/glib/-/issues/3851"
          ],
          "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-0988",
              "epss": 0.00073,
              "percentile": 0.21833,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-0988",
              "cwe": "CWE-190",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.68.4-18.el9_7.1"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-0988",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "008c1c343332e76a",
        "name": "glib2",
        "version": "2.68.4-18.el9_7.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-50495",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2023-50495",
            "epss": 0.00051,
            "percentile": 0.15701,
            "date": "2026-04-27"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.024225
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-50495",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
            "https://security.netapp.com/advisory/ntap-20240119-0008/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/"
          ],
          "description": "NCurses v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-50495",
              "epss": 0.00051,
              "percentile": 0.15701,
              "date": "2026-04-27"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "ncurses",
              "version": "6.2-12.20210508.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-50495",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "0215995764e9f654",
        "name": "ncurses-base",
        "version": "6.2-12.20210508.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm",
        "upstreams": [
          {
            "name": "ncurses",
            "version": "6.2-12.20210508.el9"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-50495",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2023-50495",
            "epss": 0.00051,
            "percentile": 0.15701,
            "date": "2026-04-27"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.024225
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-50495",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
            "https://security.netapp.com/advisory/ntap-20240119-0008/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/"
          ],
          "description": "NCurses v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-50495",
              "epss": 0.00051,
              "percentile": 0.15701,
              "date": "2026-04-27"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "ncurses",
              "version": "6.2-12.20210508.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-50495",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "9dc1b34cdde2c695",
        "name": "ncurses-libs",
        "version": "6.2-12.20210508.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm",
        "upstreams": [
          {
            "name": "ncurses",
            "version": "6.2-12.20210508.el9"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5928",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5928",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5928",
            "epss": 0.00046,
            "percentile": 0.14108,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5928",
            "cwe": "CWE-127",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.023
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5928",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
          ],
          "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5928",
              "epss": 0.00046,
              "percentile": 0.14108,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5928",
              "cwe": "CWE-127",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "0:2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5928",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d41f8063e44e2263",
        "name": "glibc",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5928",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5928",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5928",
            "epss": 0.00046,
            "percentile": 0.14108,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5928",
            "cwe": "CWE-127",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.023
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5928",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
          ],
          "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5928",
              "epss": 0.00046,
              "percentile": 0.14108,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5928",
              "cwe": "CWE-127",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5928",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1135b72e9fa314da",
        "name": "glibc-common",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5928",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5928",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5928",
            "epss": 0.00046,
            "percentile": 0.14108,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5928",
            "cwe": "CWE-127",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.023
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5928",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
          ],
          "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5928",
              "epss": 0.00046,
              "percentile": 0.14108,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5928",
              "cwe": "CWE-127",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5928",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4658d483d1634f16",
        "name": "glibc-langpack-en",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5928",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5928",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc (GNU C Library). When the `ungetwc` function is called on a file stream using wide characters with specific overlapping single-byte and multi-byte encodings, it may attempt to read data outside of its allocated buffer. This can lead to the unintentional disclosure of sensitive information from memory or cause the program to crash, resulting in a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 5,
              "exploitabilityScore": 0.8,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5928",
            "epss": 0.00046,
            "percentile": 0.14108,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5928",
            "cwe": "CWE-127",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.023
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5928",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5928",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33998"
          ],
          "description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5928",
              "epss": 0.00046,
              "percentile": 0.14108,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5928",
              "cwe": "CWE-127",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5928",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "81f30677c0ddeeec",
        "name": "glibc-minimal-langpack",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4046",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4046",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4046",
            "epss": 0.00044,
            "percentile": 0.13296,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4046",
            "cwe": "CWE-617",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02266
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4046",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33980",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
          ],
          "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.\n\n\n\nThis vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4046",
              "epss": 0.00044,
              "percentile": 0.13296,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4046",
              "cwe": "CWE-617",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "0:2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4046",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d41f8063e44e2263",
        "name": "glibc",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4046",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4046",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4046",
            "epss": 0.00044,
            "percentile": 0.13296,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4046",
            "cwe": "CWE-617",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02266
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4046",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33980",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
          ],
          "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.\n\n\n\nThis vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4046",
              "epss": 0.00044,
              "percentile": 0.13296,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4046",
              "cwe": "CWE-617",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4046",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1135b72e9fa314da",
        "name": "glibc-common",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4046",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4046",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4046",
            "epss": 0.00044,
            "percentile": 0.13296,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4046",
            "cwe": "CWE-617",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02266
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4046",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33980",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
          ],
          "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.\n\n\n\nThis vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4046",
              "epss": 0.00044,
              "percentile": 0.13296,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4046",
              "cwe": "CWE-617",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4046",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4658d483d1634f16",
        "name": "glibc-langpack-en",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4046",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4046",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4046",
            "epss": 0.00044,
            "percentile": 0.13296,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4046",
            "cwe": "CWE-617",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02266
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4046",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33980",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
          ],
          "description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.\n\n\n\nThis vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4046",
              "epss": 0.00044,
              "percentile": 0.13296,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4046",
              "cwe": "CWE-617",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4046",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "81f30677c0ddeeec",
        "name": "glibc-minimal-langpack",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14819",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14819",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl. When handling secure connections (TLS) and reusing connection settings, libcurl could incorrectly apply a cached security setting related to certificate chain validation. This could allow libcurl to accept a server's security certificate that it should have otherwise rejected, potentially compromising the integrity of the secure connection.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14819",
            "epss": 0.00045,
            "percentile": 0.13821,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14819",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02205
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14819",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14819.html",
            "https://curl.se/docs/CVE-2025-14819.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/5"
          ],
          "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14819",
              "epss": 0.00045,
              "percentile": 0.13821,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14819",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14819",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14819",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14819",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in libcurl. When handling secure connections (TLS) and reusing connection settings, libcurl could incorrectly apply a cached security setting related to certificate chain validation. This could allow libcurl to accept a server's security certificate that it should have otherwise rejected, potentially compromising the integrity of the secure connection.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14819",
            "epss": 0.00045,
            "percentile": 0.13821,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14819",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02205
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14819",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14819.html",
            "https://curl.se/docs/CVE-2025-14819.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/5"
          ],
          "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14819",
              "epss": 0.00045,
              "percentile": 0.13821,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14819",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14819",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2022-27943",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2022-27943",
            "epss": 0.0005,
            "percentile": 0.15344,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2022-27943",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2022-27943",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995"
          ],
          "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2022-27943",
              "epss": 0.0005,
              "percentile": 0.15344,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2022-27943",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "gcc",
              "version": "11.5.0-11.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2022-27943",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "06e2c48d975ea1da",
        "name": "libgcc",
        "version": "11.5.0-11.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libgcc:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libgcc:11.5.0-11.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libgcc@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm",
        "upstreams": [
          {
            "name": "gcc",
            "version": "11.5.0-11.el9"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2022-27943",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2022-27943",
            "epss": 0.0005,
            "percentile": 0.15344,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2022-27943",
            "cwe": "CWE-674",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.02125
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2022-27943",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995"
          ],
          "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "2.0",
              "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 4.3,
                "exploitabilityScore": 8.6,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2022-27943",
              "epss": 0.0005,
              "percentile": 0.15344,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2022-27943",
              "cwe": "CWE-674",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "gcc",
              "version": "11.5.0-11.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2022-27943",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "e66b7275c6659e9c",
        "name": "libstdc++",
        "version": "11.5.0-11.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm",
        "upstreams": [
          {
            "name": "gcc",
            "version": "11.5.0-11.el9"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15079",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15079",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 8.1,
              "exploitabilityScore": 2.9,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-15079",
            "epss": 0.00035,
            "percentile": 0.10291,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15079",
            "cwe": "CWE-297",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.019424999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15079",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-15079.html",
            "https://curl.se/docs/CVE-2025-15079.json",
            "https://hackerone.com/reports/3477116",
            "http://www.openwall.com/lists/oss-security/2026/01/07/6"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15079",
              "epss": 0.00035,
              "percentile": 0.10291,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15079",
              "cwe": "CWE-297",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15079",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-15079",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15079",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. When performing SSH-based transfers using SCP or SFTP, libcurl could mistakenly connect to hosts not listed in the user-specified knownhosts file. This occurs if the host is present in the libssh global knownhosts file, effectively bypassing the intended host verification. This could allow a remote attacker to connect to an untrusted host, potentially leading to information disclosure or man-in-the-middle attacks.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 8.1,
              "exploitabilityScore": 2.9,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-15079",
            "epss": 0.00035,
            "percentile": 0.10291,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-15079",
            "cwe": "CWE-297",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.019424999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-15079",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15079",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-15079.html",
            "https://curl.se/docs/CVE-2025-15079.json",
            "https://hackerone.com/reports/3477116",
            "http://www.openwall.com/lists/oss-security/2026/01/07/6"
          ],
          "description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-15079",
              "epss": 0.00035,
              "percentile": 0.10291,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-15079",
              "cwe": "CWE-297",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-15079",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28390",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28390",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28390",
            "epss": 0.00031,
            "percentile": 0.08731,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28390",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.019375
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28390",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc",
            "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6",
            "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4",
            "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788",
            "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28390",
              "epss": 0.00031,
              "percentile": 0.08731,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28390",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28390",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "019f13958fa4dc68",
        "name": "openssl",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28390",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28390",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28390",
            "epss": 0.00031,
            "percentile": 0.08731,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28390",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.019375
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28390",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc",
            "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6",
            "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4",
            "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788",
            "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28390",
              "epss": 0.00031,
              "percentile": 0.08731,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28390",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28390",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "15b6910272a6e502",
        "name": "openssl-libs",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.1-7.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2022-41409",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2022-41409",
            "epss": 0.00046,
            "percentile": 0.1406,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2022-41409",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.019090000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2022-41409",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35",
            "https://github.com/PCRE2Project/pcre2/issues/141"
          ],
          "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2022-41409",
              "epss": 0.00046,
              "percentile": 0.1406,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2022-41409",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "pcre2",
              "version": "0:10.40-6.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2022-41409",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d52857c4436af57f",
        "name": "pcre2",
        "version": "10.40-6.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2022-41409",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 3.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2022-41409",
            "epss": 0.00046,
            "percentile": 0.1406,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2022-41409",
            "cwe": "CWE-190",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.019090000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2022-41409",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35",
            "https://github.com/PCRE2Project/pcre2/issues/141"
          ],
          "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2022-41409",
              "epss": 0.00046,
              "percentile": 0.1406,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2022-41409",
              "cwe": "CWE-190",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "pcre2",
              "version": "10.40-6.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2022-41409",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "79b3a388130aa9b9",
        "name": "pcre2-syntax",
        "version": "10.40-6.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm",
        "upstreams": [
          {
            "name": "pcre2",
            "version": "10.40-6.el9"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3805",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "metrics": {
              "baseScore": 6.3,
              "exploitabilityScore": 2.9,
              "impactScore": 3.4
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3805",
            "epss": 0.00029,
            "percentile": 0.08066,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3805",
            "cwe": "CWE-416",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.016385
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3805",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-3805.html",
            "https://curl.se/docs/CVE-2026-3805.json",
            "https://hackerone.com/reports/3591944",
            "http://www.openwall.com/lists/oss-security/2026/03/11/4"
          ],
          "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3805",
              "epss": 0.00029,
              "percentile": 0.08066,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3805",
              "cwe": "CWE-416",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3805",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3805",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3805",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When handling a second Server Message Block (SMB) request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or cause a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "metrics": {
              "baseScore": 6.3,
              "exploitabilityScore": 2.9,
              "impactScore": 3.4
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3805",
            "epss": 0.00029,
            "percentile": 0.08066,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3805",
            "cwe": "CWE-416",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.016385
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3805",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3805",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://curl.se/docs/CVE-2026-3805.html",
            "https://curl.se/docs/CVE-2026-3805.json",
            "https://hackerone.com/reports/3591944",
            "http://www.openwall.com/lists/oss-security/2026/03/11/4"
          ],
          "description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3805",
              "epss": 0.00029,
              "percentile": 0.08066,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3805",
              "cwe": "CWE-416",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3805",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-70873",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-70873",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in SQLite. This information disclosure vulnerability exists within the zipfile extension, specifically in the zipfileInflate function. A remote attacker could exploit this by providing a specially crafted ZIP file. Successful exploitation could lead to the disclosure of sensitive heap memory information.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-70873",
            "epss": 0.0005,
            "percentile": 0.15363,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-70873",
            "cwe": "CWE-244",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.015749999999999997
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-70873",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-70873",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054",
            "https://sqlite.org/forum/forumpost/761eac3c82",
            "https://sqlite.org/src/info/3d459f1fb1bd1b5e"
          ],
          "description": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-70873",
              "epss": 0.0005,
              "percentile": 0.15363,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-70873",
              "cwe": "CWE-244",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "sqlite",
              "version": "3.34.1-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-70873",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "87ad778255840d3f",
        "name": "sqlite-libs",
        "version": "3.34.1-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Public Domain"
        ],
        "cpes": [
          "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "sqlite",
            "version": "3.34.1-9.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-30258",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.7,
              "exploitabilityScore": 1.1,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-30258",
            "epss": 0.00053,
            "percentile": 0.16457,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-30258",
            "cwe": "CWE-754",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.015105
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-30258",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://dev.gnupg.org/T7527",
            "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158",
            "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html"
          ],
          "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.7,
                "exploitabilityScore": 1.1,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-30258",
              "epss": 0.00053,
              "percentile": 0.16457,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-30258",
              "cwe": "CWE-754",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "gnupg2",
              "version": "0:2.3.3-5.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-30258",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6927cd2ef30abcf",
        "name": "gnupg2",
        "version": "2.3.3-5.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPLv3+"
        ],
        "cpes": [
          "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-7039",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-7039",
            "epss": 0.00045,
            "percentile": 0.13648,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-7039",
            "cwe": "CWE-22",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.015074999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-7039",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2025-7039",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2392423"
          ],
          "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-7039",
              "epss": 0.00045,
              "percentile": 0.13648,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-7039",
              "cwe": "CWE-22",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.68.4-18.el9_7.1"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-7039",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "008c1c343332e76a",
        "name": "glib2",
        "version": "2.68.4-18.el9_7.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-4156",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 6.1,
              "exploitabilityScore": 1.9,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2023-4156",
            "epss": 0.00031,
            "percentile": 0.08918,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-4156",
            "cwe": "CWE-125",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2023-4156",
            "cwe": "CWE-125",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.014105
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-4156",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2023-4156",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2215930"
          ],
          "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
              "metrics": {
                "baseScore": 7.1,
                "exploitabilityScore": 1.9,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
              "metrics": {
                "baseScore": 4.4,
                "exploitabilityScore": 1.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-4156",
              "epss": 0.00031,
              "percentile": 0.08918,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-4156",
              "cwe": "CWE-125",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2023-4156",
              "cwe": "CWE-125",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "gawk",
              "version": "0:5.1.0-6.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-4156",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "9dcf052ea12fdad7",
        "name": "gawk",
        "version": "5.1.0-6.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPLv3+ and GPLv2+ and LGPLv2+ and BSD"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28389",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28389",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28389",
            "epss": 0.00031,
            "percentile": 0.08731,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28389",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.013795000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28389",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28389",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5",
            "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616",
            "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f",
            "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a",
            "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28389",
              "epss": 0.00031,
              "percentile": 0.08731,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28389",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28389",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "019f13958fa4dc68",
        "name": "openssl",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28389",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28389",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence, leading to a NULL pointer dereference. This can result in a Denial of Service (DoS) for applications that handle untrusted CMS data.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28389",
            "epss": 0.00031,
            "percentile": 0.08731,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28389",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.013795000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28389",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28389",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5",
            "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616",
            "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f",
            "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a",
            "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28389",
              "epss": 0.00031,
              "percentile": 0.08731,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28389",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28389",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "15b6910272a6e502",
        "name": "openssl-libs",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.1-7.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-29111",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-29111",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with spurious data. In older versions (v249 and earlier), this can lead to stack overwriting with attacker-controlled content, potentially enabling arbitrary code execution or privilege escalation. In newer versions (v250 and later), the flaw causes systemd to assert and freeze, resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 7.8,
              "exploitabilityScore": 1.9,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-29111",
            "epss": 0.0002,
            "percentile": 0.05537,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-29111",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.012800000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-29111",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-29111",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a",
            "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6",
            "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412",
            "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd",
            "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f",
            "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f",
            "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69",
            "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6",
            "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c",
            "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8",
            "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764"
          ],
          "description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-29111",
              "epss": 0.0002,
              "percentile": 0.05537,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-29111",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "systemd",
              "version": "252-55.el9_7.8"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-29111",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "233133018b8076ba",
        "name": "systemd-libs",
        "version": "252-55.el9_7.8",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and MIT"
        ],
        "cpes": [
          "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.8:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.8.src.rpm",
        "upstreams": [
          {
            "name": "systemd",
            "version": "252-55.el9_7.8"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3784",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3784",
            "epss": 0.00022,
            "percentile": 0.06118,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3784",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.012649999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3784",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3784.html",
            "https://curl.se/docs/CVE-2026-3784.json",
            "https://hackerone.com/reports/3584903",
            "http://www.openwall.com/lists/oss-security/2026/03/11/3"
          ],
          "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3784",
              "epss": 0.00022,
              "percentile": 0.06118,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3784",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3784",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3784",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3784",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3784",
            "epss": 0.00022,
            "percentile": 0.06118,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3784",
            "cwe": "CWE-305",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.012649999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3784",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3784",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3784.html",
            "https://curl.se/docs/CVE-2026-3784.json",
            "https://hackerone.com/reports/3584903",
            "http://www.openwall.com/lists/oss-security/2026/03/11/3"
          ],
          "description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 3.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3784",
              "epss": 0.00022,
              "percentile": 0.06118,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3784",
              "cwe": "CWE-305",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3784",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-60753",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-60753",
            "epss": 0.00024,
            "percentile": 0.06719,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-60753",
            "cwe": "CWE-400",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-60753",
            "cwe": "CWE-835",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0126
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-60753",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753",
            "https://github.com/libarchive/libarchive/issues/2725"
          ],
          "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-60753",
              "epss": 0.00024,
              "percentile": 0.06719,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-60753",
              "cwe": "CWE-400",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-60753",
              "cwe": "CWE-835",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.5.3-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-60753",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "495577a1e778f374",
        "name": "libarchive",
        "version": "3.5.3-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.5.3-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-9.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-9232",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-9232",
            "epss": 0.00041,
            "percentile": 0.12397,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-9232",
            "cwe": "CWE-125",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.012505
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-9232",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35",
            "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b",
            "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3",
            "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf",
            "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0",
            "https://openssl-library.org/news/secadv/20250930.txt",
            "http://www.openwall.com/lists/oss-security/2025/09/30/5"
          ],
          "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-9232",
              "epss": 0.00041,
              "percentile": 0.12397,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-9232",
              "cwe": "CWE-125",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-9232",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "019f13958fa4dc68",
        "name": "openssl",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-9232",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the OpenSSL HTTP client API no_proxy handling. This vulnerability allows an application level denial of service (application crash) via an attacker-controlled IPv6 URL when the no_proxy environment variable is set.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-9232",
            "epss": 0.00041,
            "percentile": 0.12397,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-9232",
            "cwe": "CWE-125",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.012505
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-9232",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35",
            "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b",
            "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3",
            "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf",
            "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0",
            "https://openssl-library.org/news/secadv/20250930.txt",
            "http://www.openwall.com/lists/oss-security/2025/09/30/5"
          ],
          "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-9232",
              "epss": 0.00041,
              "percentile": 0.12397,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-9232",
              "cwe": "CWE-125",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-9232",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "15b6910272a6e502",
        "name": "openssl-libs",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.1-7.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-22185",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 2.6,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-22185",
            "epss": 0.00021,
            "percentile": 0.05794,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-22185",
            "cwe": "CWE-125",
            "source": "disclosure@vulncheck.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-22185",
            "cwe": "CWE-191",
            "source": "disclosure@vulncheck.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01239
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-22185",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://bugs.openldap.org/show_bug.cgi?id=10421",
            "https://seclists.org/fulldisclosure/2026/Jan/5",
            "https://seclists.org/fulldisclosure/2026/Jan/8",
            "https://www.openldap.org/",
            "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline"
          ],
          "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.",
          "cvss": [
            {
              "source": "disclosure@vulncheck.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-22185",
              "epss": 0.00021,
              "percentile": 0.05794,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-22185",
              "cwe": "CWE-125",
              "source": "disclosure@vulncheck.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-22185",
              "cwe": "CWE-191",
              "source": "disclosure@vulncheck.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openldap",
              "version": "0:2.6.8-4.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-22185",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "f8bdc202e20abd5b",
        "name": "openldap",
        "version": "2.6.8-4.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "OLDAP-2.8"
        ],
        "cpes": [
          "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14524",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14524",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14524",
            "epss": 0.00026,
            "percentile": 0.07221,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14524",
            "cwe": "CWE-601",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01235
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14524",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14524.html",
            "https://curl.se/docs/CVE-2025-14524.json",
            "https://hackerone.com/reports/3459417",
            "http://www.openwall.com/lists/oss-security/2026/01/07/4"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14524",
              "epss": 0.00026,
              "percentile": 0.07221,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14524",
              "cwe": "CWE-601",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14524",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14524",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14524",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in curl. When an OAuth2 (Open Authorization) bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a different scheme like IMAP, LDAP, POP3, or SMTP, curl might incorrectly pass the bearer token to the new target host. This could lead to information disclosure, where sensitive authentication tokens are exposed to unintended recipients.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14524",
            "epss": 0.00026,
            "percentile": 0.07221,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14524",
            "cwe": "CWE-601",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01235
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14524",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14524",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14524.html",
            "https://curl.se/docs/CVE-2025-14524.json",
            "https://hackerone.com/reports/3459417",
            "http://www.openwall.com/lists/oss-security/2026/01/07/4"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.7,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14524",
              "epss": 0.00026,
              "percentile": 0.07221,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14524",
              "cwe": "CWE-601",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14524",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3783",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.7,
              "exploitabilityScore": 2.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3783",
            "epss": 0.00023,
            "percentile": 0.06411,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3783",
            "cwe": "CWE-522",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.012305000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3783",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3783.html",
            "https://curl.se/docs/CVE-2026-3783.json",
            "https://hackerone.com/reports/3583983",
            "http://www.openwall.com/lists/oss-security/2026/03/11/2"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3783",
              "epss": 0.00023,
              "percentile": 0.06411,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3783",
              "cwe": "CWE-522",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3783",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-3783",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-3783",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.7,
              "exploitabilityScore": 2.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-3783",
            "epss": 0.00023,
            "percentile": 0.06411,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-3783",
            "cwe": "CWE-522",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.012305000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-3783",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-3783",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2026-3783.html",
            "https://curl.se/docs/CVE-2026-3783.json",
            "https://hackerone.com/reports/3583983",
            "http://www.openwall.com/lists/oss-security/2026/03/11/2"
          ],
          "description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 3.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-3783",
              "epss": 0.00023,
              "percentile": 0.06411,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-3783",
              "cwe": "CWE-522",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-3783",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4438",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4438",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 4,
              "exploitabilityScore": 2.6,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4438",
            "epss": 0.00033,
            "percentile": 0.09715,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-20",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-88",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01155
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4438",
              "epss": 0.00033,
              "percentile": 0.09715,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-20",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-88",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "0:2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "d41f8063e44e2263",
        "name": "glibc",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4438",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4438",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 4,
              "exploitabilityScore": 2.6,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4438",
            "epss": 0.00033,
            "percentile": 0.09715,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-20",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-88",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01155
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4438",
              "epss": 0.00033,
              "percentile": 0.09715,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-20",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-88",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "1135b72e9fa314da",
        "name": "glibc-common",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4438",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4438",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 4,
              "exploitabilityScore": 2.6,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4438",
            "epss": 0.00033,
            "percentile": 0.09715,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-20",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-88",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01155
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4438",
              "epss": 0.00033,
              "percentile": 0.09715,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-20",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-88",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "4658d483d1634f16",
        "name": "glibc-langpack-en",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4438",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4438",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 4,
              "exploitabilityScore": 2.6,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4438",
            "epss": 0.00033,
            "percentile": 0.09715,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-20",
            "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-4438",
            "cwe": "CWE-88",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.01155
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4438",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
          ],
          "description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4438",
              "epss": 0.00033,
              "percentile": 0.09715,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-20",
              "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-4438",
              "cwe": "CWE-88",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glibc",
              "version": "2.34-231.el9_7.10"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4438",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "81f30677c0ddeeec",
        "name": "glibc-minimal-langpack",
        "version": "2.34-231.el9_7.10",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
        ],
        "cpes": [
          "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*",
          "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.10:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.10?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.10.src.rpm",
        "upstreams": [
          {
            "name": "glibc",
            "version": "2.34-231.el9_7.10"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-31789",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-31789",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "metrics": {
              "baseScore": 5.8,
              "exploitabilityScore": 1.1,
              "impactScore": 4.8
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-31789",
            "epss": 0.00026,
            "percentile": 0.07295,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-31789",
            "cwe": "CWE-787",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.011439999999999997
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-31789",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-31789",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde",
            "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf",
            "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49",
            "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9",
            "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-31789",
              "epss": 0.00026,
              "percentile": 0.07295,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-31789",
              "cwe": "CWE-787",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-31789",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "019f13958fa4dc68",
        "name": "openssl",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-31789",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-31789",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. This vulnerability, a heap buffer overflow, affects 32-bit systems when processing an unusually large X.509 certificate. If an application or service attempts to print or log such a specially crafted certificate, it could lead to a system crash or potentially allow an attacker to execute arbitrary code. This issue is considered low severity due to the specific conditions required for exploitation, including the need for an extremely large certificate and a 32-bit operating environment.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "metrics": {
              "baseScore": 5.8,
              "exploitabilityScore": 1.1,
              "impactScore": 4.8
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-31789",
            "epss": 0.00026,
            "percentile": 0.07295,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-31789",
            "cwe": "CWE-787",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.011439999999999997
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-31789",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-31789",
          "namespace": "nvd:cpe",
          "severity": "Critical",
          "urls": [
            "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde",
            "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf",
            "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49",
            "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9",
            "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 9.8,
                "exploitabilityScore": 3.9,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-31789",
              "epss": 0.00026,
              "percentile": 0.07295,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-31789",
              "cwe": "CWE-787",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-31789",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "15b6910272a6e502",
        "name": "openssl-libs",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.1-7.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-5745",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-5745",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.5,
              "exploitabilityScore": 1.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-5745",
            "epss": 0.00019,
            "percentile": 0.0509,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-5745",
            "cwe": "CWE-476",
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009975000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-5745",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-5745",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-5745",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2455921"
          ],
          "description": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-5745",
              "epss": 0.00019,
              "percentile": 0.0509,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-5745",
              "cwe": "CWE-476",
              "source": "secalert@redhat.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.5.3-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-5745",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "495577a1e778f374",
        "name": "libarchive",
        "version": "3.5.3-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.5.3-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-9.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1489",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 5.4,
              "exploitabilityScore": 2.9,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1489",
            "epss": 0.00018,
            "percentile": 0.04876,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1489",
            "cwe": "CWE-787",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009360000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1489",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-1489",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2433348",
            "https://gitlab.gnome.org/GNOME/glib/-/issues/3872"
          ],
          "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
              "metrics": {
                "baseScore": 5.4,
                "exploitabilityScore": 2.9,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1489",
              "epss": 0.00018,
              "percentile": 0.04876,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1489",
              "cwe": "CWE-787",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.68.4-18.el9_7.1"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1489",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "008c1c343332e76a",
        "name": "glib2",
        "version": "2.68.4-18.el9_7.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-6170",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.5,
              "exploitabilityScore": 1.1,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-6170",
            "epss": 0.00034,
            "percentile": 0.10099,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-6170",
            "cwe": "CWE-121",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00935
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-6170",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7519",
            "https://access.redhat.com/security/cve/CVE-2025-6170",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2372952",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/941",
            "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html"
          ],
          "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.5,
                "exploitabilityScore": 1.1,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.5,
                "exploitabilityScore": 1.1,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-6170",
              "epss": 0.00034,
              "percentile": 0.10099,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-6170",
              "cwe": "CWE-121",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.9.13-14.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-6170",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "79cdbcbd3d61afd9",
        "name": "libxml2",
        "version": "2.9.13-14.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28388",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28388",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28388",
            "epss": 0.00021,
            "percentile": 0.05815,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28388",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009345000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28388",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28388",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e",
            "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139",
            "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3",
            "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8",
            "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28388",
              "epss": 0.00021,
              "percentile": 0.05815,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28388",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28388",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "019f13958fa4dc68",
        "name": "openssl",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-28388",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-28388",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List (CRL) that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application that has delta CRL processing enabled, leading to a Denial of Service (DoS) for the application.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-28388",
            "epss": 0.00021,
            "percentile": 0.05815,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-28388",
            "cwe": "CWE-476",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009345000000000003
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-28388",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-28388",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e",
            "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139",
            "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3",
            "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8",
            "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-28388",
              "epss": 0.00021,
              "percentile": 0.05815,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-28388",
              "cwe": "CWE-476",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-28388",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "15b6910272a6e502",
        "name": "openssl-libs",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.1-7.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-31790",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-31790",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-31790",
            "epss": 0.00017,
            "percentile": 0.03962,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-31790",
            "cwe": "CWE-754",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009265000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-31790",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac",
            "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482",
            "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406",
            "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790",
            "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-31790",
              "epss": 0.00017,
              "percentile": 0.03962,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-31790",
              "cwe": "CWE-754",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-31790",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "019f13958fa4dc68",
        "name": "openssl",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-31790",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-31790",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 2.3,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-31790",
            "epss": 0.00017,
            "percentile": 0.03962,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-31790",
            "cwe": "CWE-754",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.009265000000000002
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-31790",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac",
            "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482",
            "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406",
            "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790",
            "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e",
            "https://openssl-library.org/news/secadv/20260407.txt"
          ],
          "description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-31790",
              "epss": 0.00017,
              "percentile": 0.03962,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-31790",
              "cwe": "CWE-754",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-31790",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "15b6910272a6e502",
        "name": "openssl-libs",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.1-7.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-6732",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-6732",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.5,
              "exploitabilityScore": 2.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-6732",
            "epss": 0.00015,
            "percentile": 0.03379,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-6732",
            "cwe": "CWE-843",
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.008624999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-6732",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-6732",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-6732",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2461300",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097",
            "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411"
          ],
          "description": "A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.5,
                "exploitabilityScore": 2.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-6732",
              "epss": 0.00015,
              "percentile": 0.03379,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-6732",
              "cwe": "CWE-843",
              "source": "secalert@redhat.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.9.13-14.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-6732",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "79cdbcbd3d61afd9",
        "name": "libxml2",
        "version": "2.9.13-14.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1484",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "metrics": {
              "baseScore": 4.2,
              "exploitabilityScore": 1.7,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1484",
            "epss": 0.00018,
            "percentile": 0.04487,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1484",
            "cwe": "CWE-787",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.008280000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1484",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-1484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2433259",
            "https://gitlab.gnome.org/GNOME/glib/-/issues/3870"
          ],
          "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
              "metrics": {
                "baseScore": 4.2,
                "exploitabilityScore": 1.7,
                "impactScore": 2.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1484",
              "epss": 0.00018,
              "percentile": 0.04487,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1484",
              "cwe": "CWE-787",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.68.4-18.el9_7.1"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1484",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "008c1c343332e76a",
        "name": "glib2",
        "version": "2.68.4-18.el9_7.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-1632",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-1632",
            "epss": 0.00025,
            "percentile": 0.06809,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-1632",
            "cwe": "CWE-404",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1632",
            "cwe": "CWE-476",
            "source": "cna@vuldb.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2025-1632",
            "cwe": "CWE-476",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007874999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-1632",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc",
            "https://vuldb.com/?ctiid.296619",
            "https://vuldb.com/?id.296619",
            "https://vuldb.com/?submit.496460"
          ],
          "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "4.0",
              "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
              "metrics": {
                "baseScore": 4.8
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "version": "2.0",
              "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
              "metrics": {
                "baseScore": 1.7,
                "exploitabilityScore": 3.2,
                "impactScore": 2.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-1632",
              "epss": 0.00025,
              "percentile": 0.06809,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-1632",
              "cwe": "CWE-404",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1632",
              "cwe": "CWE-476",
              "source": "cna@vuldb.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2025-1632",
              "cwe": "CWE-476",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.5.3-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-1632",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "495577a1e778f374",
        "name": "libarchive",
        "version": "3.5.3-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.5.3-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-9.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-41989",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-41989",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman (ECDH) ciphertext to the `gcry_pk_decrypt` function. This can lead to a heap-based buffer overflow, potentially causing a denial of service (DoS) condition.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 7.5,
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-41989",
            "epss": 0.00012,
            "percentile": 0.01692,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-41989",
            "cwe": "CWE-787",
            "source": "cve@mitre.org",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007500000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-41989",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-41989",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://dev.gnupg.org/T8211",
            "https://lists.gnupg.org/pipermail/gnupg-announce/2026q2/000503.html",
            "https://www.openwall.com/lists/oss-security/2026/04/21/1"
          ],
          "description": "Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.",
          "cvss": [
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 1.5,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-41989",
              "epss": 0.00012,
              "percentile": 0.01692,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-41989",
              "cwe": "CWE-787",
              "source": "cve@mitre.org",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libgcrypt",
              "version": "0:1.10.0-11.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-41989",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "bdcb3bee3b1ed812",
        "name": "libgcrypt",
        "version": "1.10.0-11.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:libgcrypt:libgcrypt:1.10.0-11.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libgcrypt:1.10.0-11.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libgcrypt@1.10.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=libgcrypt-1.10.0-11.el9.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00015,
            "percentile": 0.03097,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007274999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00015,
              "percentile": 0.03097,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "util-linux",
              "version": "2.37.4-21.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "dba541df80851b08",
        "name": "libblkid",
        "version": "2.37.4-21.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9_7?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "util-linux",
            "version": "2.37.4-21.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00015,
            "percentile": 0.03097,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007274999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00015,
              "percentile": 0.03097,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "util-linux",
              "version": "2.37.4-21.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "523e383e4618dcda",
        "name": "libmount",
        "version": "2.37.4-21.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:libmount:libmount:2.37.4-21.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libmount:2.37.4-21.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9_7?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "util-linux",
            "version": "2.37.4-21.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00015,
            "percentile": 0.03097,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007274999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00015,
              "percentile": 0.03097,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "util-linux",
              "version": "2.37.4-21.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "32b3d88bd8711736",
        "name": "libsmartcols",
        "version": "2.37.4-21.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9_7?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "util-linux",
            "version": "2.37.4-21.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27456",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27456",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in util-linux. When an /etc/fstab entry is configured with the user,loop options, the `mount` program checks the file path with user permissions but later opens it with root privileges. This creates a brief Time-of-Check-Time-of-Use (TOCTOU) window where an attacker can substitute the intended file with a malicious symbolic link. This allows a local unprivileged user to mount any root-owned file or block device that contains a valid filesystem, gaining full read access to its contents.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27456",
            "epss": 0.00015,
            "percentile": 0.03097,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-59",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-269",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "security-advisories@github.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2026-27456",
            "cwe": "CWE-367",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007274999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27456",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27456",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4",
            "https://github.com/util-linux/util-linux/releases/tag/v2.41.4",
            "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g"
          ],
          "description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.",
          "cvss": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27456",
              "epss": 0.00015,
              "percentile": 0.03097,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-59",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-269",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "security-advisories@github.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2026-27456",
              "cwe": "CWE-367",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "util-linux",
              "version": "2.37.4-21.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27456",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "5d74f51dbb602efa",
        "name": "libuuid",
        "version": "2.37.4-21.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9_7?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "util-linux",
            "version": "2.37.4-21.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2023-30571",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "metrics": {
              "baseScore": 5.3,
              "exploitabilityScore": 1.1,
              "impactScore": 4.3
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2023-30571",
            "epss": 0.00014,
            "percentile": 0.02606,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2023-30571",
            "cwe": "CWE-362",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2023-30571",
            "cwe": "CWE-362",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "wont-fix"
        },
        "advisories": [],
        "risk": 0.007209999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2023-30571",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://github.com/libarchive/libarchive/issues/1876",
            "https://groups.google.com/g/libarchive-announce"
          ],
          "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "metrics": {
                "baseScore": 5.3,
                "exploitabilityScore": 1.1,
                "impactScore": 4.3
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
              "metrics": {
                "baseScore": 3.9,
                "exploitabilityScore": 0.9,
                "impactScore": 2.8
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2023-30571",
              "epss": 0.00014,
              "percentile": 0.02606,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2023-30571",
              "cwe": "CWE-362",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2023-30571",
              "cwe": "CWE-362",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libarchive",
              "version": "0:3.5.3-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2023-30571",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "495577a1e778f374",
        "name": "libarchive",
        "version": "3.5.3-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD"
        ],
        "cpes": [
          "cpe:2.3:a:libarchive:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libarchive:3.5.3-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libarchive@3.5.3-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-9.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-0989",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-0989",
            "epss": 0.00021,
            "percentile": 0.05717,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-0989",
            "cwe": "CWE-674",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.007034999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-0989",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7519",
            "https://access.redhat.com/security/cve/CVE-2026-0989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429933",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/998"
          ],
          "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-0989",
              "epss": 0.00021,
              "percentile": 0.05717,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-0989",
              "cwe": "CWE-674",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.9.13-14.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-0989",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "79cdbcbd3d61afd9",
        "name": "libxml2",
        "version": "2.9.13-14.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4105",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4105",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 0.8,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4105",
            "epss": 0.00012,
            "percentile": 0.01719,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4105",
            "cwe": "CWE-284",
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00702
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4105",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4105",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-4105",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447262",
            "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862"
          ],
          "description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4105",
              "epss": 0.00012,
              "percentile": 0.01719,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4105",
              "cwe": "CWE-284",
              "source": "secalert@redhat.com",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "systemd",
              "version": "252-55.el9_7.8"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4105",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "233133018b8076ba",
        "name": "systemd-libs",
        "version": "252-55.el9_7.8",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+ and MIT"
        ],
        "cpes": [
          "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.8:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.8:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.8?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.8.src.rpm",
        "upstreams": [
          {
            "name": "systemd",
            "version": "252-55.el9_7.8"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2024-0232",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 4.7,
              "exploitabilityScore": 1.1,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2024-0232",
            "epss": 0.00018,
            "percentile": 0.047,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2024-0232",
            "cwe": "CWE-416",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          },
          {
            "cve": "CVE-2024-0232",
            "cwe": "CWE-416",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00693
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2024-0232",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2024-0232",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2243754",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/",
            "https://security.netapp.com/advisory/ntap-20240315-0007/"
          ],
          "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2024-0232",
              "epss": 0.00018,
              "percentile": 0.047,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2024-0232",
              "cwe": "CWE-416",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            },
            {
              "cve": "CVE-2024-0232",
              "cwe": "CWE-416",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "sqlite",
              "version": "3.34.1-9.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2024-0232",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "87ad778255840d3f",
        "name": "sqlite-libs",
        "version": "3.34.1-9.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Public Domain"
        ],
        "cpes": [
          "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "sqlite",
            "version": "3.34.1-9.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2022-3219",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.2,
              "exploitabilityScore": 2.6,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2022-3219",
            "epss": 0.00015,
            "percentile": 0.03274,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2022-3219",
            "cwe": "CWE-787",
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "cve": "CVE-2022-3219",
            "cwe": "CWE-787",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.006899999999999998
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2022-3219",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2022-3219",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2127010",
            "https://dev.gnupg.org/D556",
            "https://dev.gnupg.org/T5993",
            "https://marc.info/?l=oss-security&m=165696590211434&w=4",
            "https://security.netapp.com/advisory/ntap-20230324-0001/"
          ],
          "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            },
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.3,
                "exploitabilityScore": 1.9,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2022-3219",
              "epss": 0.00015,
              "percentile": 0.03274,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2022-3219",
              "cwe": "CWE-787",
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cve": "CVE-2022-3219",
              "cwe": "CWE-787",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "gnupg2",
              "version": "0:2.3.3-5.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2022-3219",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6927cd2ef30abcf",
        "name": "gnupg2",
        "version": "2.3.3-5.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPLv3+"
        ],
        "cpes": [
          "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-13034",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13034",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-13034",
            "epss": 0.00011,
            "percentile": 0.01302,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-13034",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.006490000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-13034",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-13034.html",
            "https://curl.se/docs/CVE-2025-13034.json"
          ],
          "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-13034",
              "epss": 0.00011,
              "percentile": 0.01302,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-13034",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-13034",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-13034",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13034",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When configured to use public key pinning with QUIC connections and GnuTLS, and with standard certificate verification explicitly disabled, curl could bypass the intended public key check. This oversight allows a malicious server to impersonate a legitimate one, potentially leading to unauthorized access or information disclosure due to a failure in verifying the server's identity.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "metrics": {
              "baseScore": 6.8,
              "exploitabilityScore": 1.7,
              "impactScore": 5.2
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-13034",
            "epss": 0.00011,
            "percentile": 0.01302,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-13034",
            "cwe": "CWE-295",
            "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.006490000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-13034",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13034",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-13034.html",
            "https://curl.se/docs/CVE-2025-13034.json"
          ],
          "description": "When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`\nwith the curl tool,curl should check the public key of the server certificate\nto verify the peer.\n\nThis check was skipped in a certain condition that would then make curl allow\nthe connection without performing the proper check, thus not noticing a\npossible impostor. To skip this check, the connection had to be done with QUIC\nwith ngtcp2 built to use GnuTLS and the user had to explicitly disable the\nstandard certificate verification.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 2.3,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-13034",
              "epss": 0.00011,
              "percentile": 0.01302,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-13034",
              "cwe": "CWE-295",
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-13034",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-0992",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.9,
              "exploitabilityScore": 1.5,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-0992",
            "epss": 0.00022,
            "percentile": 0.05975,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-0992",
            "cwe": "CWE-400",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.006490000000000001
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-0992",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7519",
            "https://access.redhat.com/security/cve/CVE-2026-0992",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429975",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019"
          ],
          "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-0992",
              "epss": 0.00022,
              "percentile": 0.05975,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-0992",
              "cwe": "CWE-400",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.9.13-14.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-0992",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "79cdbcbd3d61afd9",
        "name": "libxml2",
        "version": "2.9.13-14.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2673",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2673",
            "epss": 0.00017,
            "percentile": 0.04395,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2673",
            "cwe": "CWE-757",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.005185
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2673",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f",
            "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34",
            "https://openssl-library.org/news/secadv/20260313.txt",
            "http://www.openwall.com/lists/oss-security/2026/03/13/3"
          ],
          "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers.  
The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security.  Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2673",
              "epss": 0.00017,
              "percentile": 0.04395,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2673",
              "cwe": "CWE-757",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "1:3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2673",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "019f13958fa4dc68",
        "name": "openssl",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2673",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2673",
            "epss": 0.00017,
            "percentile": 0.04395,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2673",
            "cwe": "CWE-757",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.005185
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2673",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f",
            "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34",
            "https://openssl-library.org/news/secadv/20260313.txt",
            "http://www.openwall.com/lists/oss-security/2026/03/13/3"
          ],
          "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers.  
The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security.  Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2673",
              "epss": 0.00017,
              "percentile": 0.04395,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2673",
              "cwe": "CWE-757",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl-fips-provider",
              "version": "0:3.0.7-8.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2673",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3f743355082e9e4b",
        "name": "openssl-fips-provider",
        "version": "3.0.7-8.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "ASL 2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-fips-provider:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_fips_provider:3.0.7-8.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-fips-provider@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2673",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue, the code in question lies outside the FIPS boundary.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2673",
            "epss": 0.00017,
            "percentile": 0.04395,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2673",
            "cwe": "CWE-757",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.005185
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2673",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f",
            "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34",
            "https://openssl-library.org/news/secadv/20260313.txt",
            "http://www.openwall.com/lists/oss-security/2026/03/13/3"
          ],
          "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers.  
The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security.  Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2673",
              "epss": 0.00017,
              "percentile": 0.04395,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2673",
              "cwe": "CWE-757",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl-fips-provider",
              "version": "3.0.7-8.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2673",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "039e508ce9d5da38",
        "name": "openssl-fips-provider-so",
        "version": "3.0.7-8.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "ASL 2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-fips-provider-so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips-provider-so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider_so:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider_so:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips-provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips-provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips_provider:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_fips:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-fips-provider-so:3.0.7-8.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_fips_provider_so:3.0.7-8.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-fips-provider-so@3.0.7-8.el9?arch=x86_64&distro=rhel-9.7&upstream=openssl-fips-provider-3.0.7-8.el9.src.rpm",
        "upstreams": [
          {
            "name": "openssl-fips-provider",
            "version": "3.0.7-8.el9"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-2673",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-2673",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the \"DEFAULT\" keyword. A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicted keyshares. This will sometimes be the case with the new hybrid post-quantum groups, if the client chooses to defer their use until specifically requested by the server. No OpenSSL FIPS modules are affected by this issue; the code in question lies outside the FIPS boundary.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "metrics": {
              "baseScore": 3.1,
              "exploitabilityScore": 1.7,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-2673",
            "epss": 0.00017,
            "percentile": 0.04395,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-2673",
            "cwe": "CWE-757",
            "source": "openssl-security@openssl.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.005185
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-2673",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2673",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f",
            "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34",
            "https://openssl-library.org/news/secadv/20260313.txt",
            "http://www.openwall.com/lists/oss-security/2026/03/13/3"
          ],
          "description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers.  
The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security.  Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "metrics": {
                "baseScore": 7.5,
                "exploitabilityScore": 3.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-2673",
              "epss": 0.00017,
              "percentile": 0.04395,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-2673",
              "cwe": "CWE-757",
              "source": "openssl-security@openssl.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "openssl",
              "version": "3.5.1-7.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-2673",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "15b6910272a6e502",
        "name": "openssl-libs",
        "version": "1:3.5.1-7.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "Apache-2.0"
        ],
        "cpes": [
          "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm",
        "upstreams": [
          {
            "name": "openssl",
            "version": "3.5.1-7.el9_7"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": 1,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1757",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "metrics": {
              "baseScore": 6.2,
              "exploitabilityScore": 2.6,
              "impactScore": 3.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1757",
            "epss": 0.00009,
            "percentile": 0.00939,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1757",
            "cwe": "CWE-401",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00504
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1757",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7519",
            "https://access.redhat.com/security/cve/CVE-2026-1757",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2435940",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009"
          ],
          "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 6.2,
                "exploitabilityScore": 2.6,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1757",
              "epss": 0.00009,
              "percentile": 0.00939,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1757",
              "cwe": "CWE-401",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libxml2",
              "version": "0:2.9.13-14.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1757",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "79cdbcbd3d61afd9",
        "name": "libxml2",
        "version": "2.9.13-14.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-24883",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.7,
              "exploitabilityScore": 2.3,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-24883",
            "epss": 0.00015,
            "percentile": 0.02885,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-24883",
            "cwe": "CWE-476",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.005024999999999999
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-24883",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://dev.gnupg.org/T8049",
            "https://www.openwall.com/lists/oss-security/2026/01/27/8"
          ],
          "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 3.7,
                "exploitabilityScore": 2.3,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-24883",
              "epss": 0.00015,
              "percentile": 0.02885,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-24883",
              "cwe": "CWE-476",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "gnupg2",
              "version": "0:2.3.3-5.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-24883",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6927cd2ef30abcf",
        "name": "gnupg2",
        "version": "2.3.3-5.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPLv3+"
        ],
        "cpes": [
          "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14017",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 4.8,
              "exploitabilityScore": 2.3,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14017",
            "epss": 0.00007,
            "percentile": 0.0062,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14017",
            "cwe": "NVD-CWE-Other",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0034299999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14017",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14017.html",
            "https://curl.se/docs/CVE-2025-14017.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/3"
          ],
          "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 1.1,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14017",
              "epss": 0.00007,
              "percentile": 0.0062,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14017",
              "cwe": "NVD-CWE-Other",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14017",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "832573eaa261ddca",
        "name": "curl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:curl:curl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-14017",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "metrics": {
              "baseScore": 4.8,
              "exploitabilityScore": 2.3,
              "impactScore": 2.6
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-14017",
            "epss": 0.00007,
            "percentile": 0.0062,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-14017",
            "cwe": "NVD-CWE-Other",
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.0034299999999999995
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-14017",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://curl.se/docs/CVE-2025-14017.html",
            "https://curl.se/docs/CVE-2025-14017.json",
            "http://www.openwall.com/lists/oss-security/2026/01/07/3"
          ],
          "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
          "cvss": [
            {
              "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "metrics": {
                "baseScore": 6.3,
                "exploitabilityScore": 1.1,
                "impactScore": 5.2
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-14017",
              "epss": 0.00007,
              "percentile": 0.0062,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-14017",
              "cwe": "NVD-CWE-Other",
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-indirect-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "curl",
              "version": "7.76.1-35.el9_7.3"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-14017",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "17f6388a8875d95e",
        "name": "libcurl-minimal",
        "version": "7.76.1-35.el9_7.3",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "MIT"
        ],
        "cpes": [
          "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-35.el9_7.3:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-35.el9_7.3?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-35.el9_7.3.src.rpm",
        "upstreams": [
          {
            "name": "curl",
            "version": "7.76.1-35.el9_7.3"
          }
        ],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-4878",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-4878",
        "namespace": "redhat:distro:redhat:9",
        "severity": "High",
        "urls": [],
        "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "metrics": {
              "baseScore": 6.7,
              "exploitabilityScore": 0.8,
              "impactScore": 5.9
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-4878",
            "epss": 0.00004,
            "percentile": 0.0017,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-4878",
            "cwe": "CWE-367",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00284
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-4878",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878",
          "namespace": "nvd:cpe",
          "severity": "High",
          "urls": [
            "https://access.redhat.com/errata/RHSA-2026:7473",
            "https://access.redhat.com/security/cve/CVE-2026-4878",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2447554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2451615",
            "http://www.openwall.com/lists/oss-security/2026/04/07/14",
            "http://www.openwall.com/lists/oss-security/2026/04/07/4",
            "http://www.openwall.com/lists/oss-security/2026/04/08/9",
            "http://www.openwall.com/lists/oss-security/2026/04/09/5",
            "http://www.openwall.com/lists/oss-security/2026/04/09/6"
          ],
          "description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 7,
                "exploitabilityScore": 1.1,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            },
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "metrics": {
                "baseScore": 6.7,
                "exploitabilityScore": 0.8,
                "impactScore": 5.9
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-4878",
              "epss": 0.00004,
              "percentile": 0.0017,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-4878",
              "cwe": "CWE-367",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "libcap",
              "version": "0:2.48-10.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-4878",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b3389bc8d420d9cb",
        "name": "libcap",
        "version": "2.48-10.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "BSD or GPLv2"
        ],
        "cpes": [
          "cpe:2.3:a:libcap:libcap:2.48-10.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:libcap:2.48-10.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/libcap@2.48-10.el9?arch=x86_64&distro=rhel-9.7&upstream=libcap-2.48-10.el9.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-27171",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 3.3,
              "exploitabilityScore": 1.9,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-27171",
            "epss": 0.00009,
            "percentile": 0.00839,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-27171",
            "cwe": "CWE-1284",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.002835
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-27171",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/",
            "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf",
            "https://github.com/madler/zlib/issues/904",
            "https://github.com/madler/zlib/releases/tag/v1.3.2",
            "https://ostif.org/zlib-audit-complete/"
          ],
          "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "metrics": {
                "baseScore": 5.5,
                "exploitabilityScore": 1.9,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.9,
                "exploitabilityScore": 1.5,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-27171",
              "epss": 0.00009,
              "percentile": 0.00839,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-27171",
              "cwe": "CWE-1284",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "zlib",
              "version": "0:1.2.11-40.el9"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-27171",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "3b95a370d9cbeb72",
        "name": "zlib",
        "version": "1.2.11-40.el9",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "zlib and Boost"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*",
          "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2025-68972",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Medium",
        "urls": [],
        "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "metrics": {
              "baseScore": 5.9,
              "exploitabilityScore": 1.5,
              "impactScore": 4
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2025-68972",
            "epss": 0.00005,
            "percentile": 0.00214,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2025-68972",
            "cwe": "CWE-347",
            "source": "cve@mitre.org",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.002725
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2025-68972",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972",
          "namespace": "nvd:cpe",
          "severity": "Medium",
          "urls": [
            "https://gpg.fail/formfeed",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46404339"
          ],
          "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.",
          "cvss": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 4.7,
                "exploitabilityScore": 1.1,
                "impactScore": 3.6
              },
              "vendorMetadata": {}
            },
            {
              "source": "cve@mitre.org",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
              "metrics": {
                "baseScore": 5.9,
                "exploitabilityScore": 1.5,
                "impactScore": 4
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2025-68972",
              "epss": 0.00005,
              "percentile": 0.00214,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2025-68972",
              "cwe": "CWE-347",
              "source": "cve@mitre.org",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "gnupg2",
              "version": "0:2.3.3-5.el9_7"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2025-68972",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "b6927cd2ef30abcf",
        "name": "gnupg2",
        "version": "2.3.3-5.el9_7",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "GPLv3+"
        ],
        "cpes": [
          "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*",
          "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    },
    {
      "vulnerability": {
        "id": "CVE-2026-1485",
        "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485",
        "namespace": "redhat:distro:redhat:9",
        "severity": "Low",
        "urls": [],
        "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.",
        "cvss": [
          {
            "type": "Secondary",
            "version": "3.1",
            "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "metrics": {
              "baseScore": 2.8,
              "exploitabilityScore": 1.4,
              "impactScore": 1.5
            },
            "vendorMetadata": {}
          }
        ],
        "epss": [
          {
            "cve": "CVE-2026-1485",
            "epss": 0.00006,
            "percentile": 0.00351,
            "date": "2026-04-27"
          }
        ],
        "cwes": [
          {
            "cve": "CVE-2026-1485",
            "cwe": "CWE-124",
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ],
        "fix": {
          "versions": [],
          "state": "not-fixed"
        },
        "advisories": [],
        "risk": 0.00174
      },
      "relatedVulnerabilities": [
        {
          "id": "CVE-2026-1485",
          "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485",
          "namespace": "nvd:cpe",
          "severity": "Low",
          "urls": [
            "https://access.redhat.com/security/cve/CVE-2026-1485",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2433325",
            "https://gitlab.gnome.org/GNOME/glib/-/issues/3871"
          ],
          "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.",
          "cvss": [
            {
              "source": "secalert@redhat.com",
              "type": "Secondary",
              "version": "3.1",
              "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
              "metrics": {
                "baseScore": 2.8,
                "exploitabilityScore": 1.4,
                "impactScore": 1.5
              },
              "vendorMetadata": {}
            }
          ],
          "epss": [
            {
              "cve": "CVE-2026-1485",
              "epss": 0.00006,
              "percentile": 0.00351,
              "date": "2026-04-27"
            }
          ],
          "cwes": [
            {
              "cve": "CVE-2026-1485",
              "cwe": "CWE-124",
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        }
      ],
      "matchDetails": [
        {
          "type": "exact-direct-match",
          "matcher": "rpm-matcher",
          "searchedBy": {
            "distro": {
              "type": "redhat",
              "version": "9.7"
            },
            "package": {
              "name": "glib2",
              "version": "0:2.68.4-18.el9_7.1"
            },
            "namespace": "redhat:distro:redhat:9"
          },
          "found": {
            "vulnerabilityID": "CVE-2026-1485",
            "versionConstraint": "none (unknown)"
          }
        }
      ],
      "artifact": {
        "id": "008c1c343332e76a",
        "name": "glib2",
        "version": "2.68.4-18.el9_7.1",
        "type": "rpm",
        "locations": [
          {
            "path": "/var/lib/rpm/rpmdb.sqlite",
            "layerID": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
            "accessPath": "/var/lib/rpm/rpmdb.sqlite",
            "annotations": {
              "evidence": "primary"
            }
          }
        ],
        "language": "",
        "licenses": [
          "LGPLv2+"
        ],
        "cpes": [
          "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm",
        "upstreams": [],
        "metadataType": "RpmMetadata",
        "metadata": {
          "epoch": null,
          "modularityLabel": ""
        }
      }
    }
  ],
  "source": {
    "type": "image",
    "target": {
      "userInput": "ghcr.io/telemetryforge/agent:25.10.24",
      "imageID": "sha256:236cf9762b4423638ac66b1c6f94533aa3d6986cf95b1f33332fd974db7374dc",
      "manifestDigest": "sha256:57d95eb61df4c9ac9d6872e5ce281308ffb1e30027df7feac548369c553b5d75",
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "tags": [
        "ghcr.io/telemetryforge/agent:25.10.24"
      ],
      "imageSize": 222131066,
      "layers": [
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:7b9d8ee06beb8794d1435aca25ed7613e428b00a86a6f80eb5f1a671b5cb9dc2",
          "size": 104377261
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:1bdd03e6e78959d98bfd7b98bc580adf62ccc95a08e4707e2cf4f15aeac6b4f2",
          "size": 88517774
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:c0b9e82fbf49805ff350999cde8690b6a1769dca2b6119c9e638abf6d3a0d1da",
          "size": 10174
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:7103b1f57c18ecb4ccbe72af76503b955832eed8e4720928d83c2cd2c16dc797",
          "size": 7542
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:36417b1d868228bc077eeab93ad8cb5628a7e3560d2f5d3853bde43c1d74ac3f",
          "size": 20260055
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:db645d7bc1ec98b7b3e5ef8b3a1e55e0379f9b793d750638486a2ee72525f9e9",
          "size": 5193552
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:415cb40ffcc169a627f20ed2648c965705924b773e741e3a7259ca4065c4b21d",
          "size": 3333024
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:d3f726f11541d9630060c7530bff85015f0cac17ca3f0338d8468e8c486af288",
          "size": 15286
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:8e692b868fcd74800f470667d325b6ed03fe6c2f3a8187659f851e90e3b48875",
          "size": 0
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:113431e6e3c06d447e0a380da868cea53a655708ea1f3379dde4228371be2eb4",
          "size": 581
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:ed4dc6b9791d8ba0ad3fa79860002abbeaebe17b50c3d5d3281b5ad05bbfe09c",
          "size": 581
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:78b51607043e2e5416ee787d6cc13b62a7cb1711c7ab7c4513b1f76f8ea96d9e",
          "size": 411708
        },
        {
          "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
          "digest": "sha256:0ce5f5f548eca2988a0d7315ef0cf09877fe34f86a127bb27be3cf849ce8b278",
          "size": 3528
        }
      ],
      "manifest": "eyJzY2hlbWFWZXJzaW9uIjoyLCJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiY29uZmlnIjp7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuY29udGFpbmVyLmltYWdlLnYxK2pzb24iLCJzaXplIjoxMTc5MiwiZGlnZXN0Ijoic2hhMjU2OjIzNmNmOTc2MmI0NDIzNjM4YWM2NmIxYzZmOTQ1MzNhYTNkNjk4NmNmOTViMWYzMzMzMmZkOTc0ZGI3Mzc0ZGMifSwibGF5ZXJzIjpbeyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MTA2MDc4MjA4LCJkaWdlc3QiOiJzaGEyNTY6N2I5ZDhlZTA2YmViODc5NGQxNDM1YWNhMjVlZDc2MTNlNDI4YjAwYTg2YTZmODBlYjVmMWE2NzFiNWNiOWRjMiJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjkxODQ0NjA4LCJkaWdlc3QiOiJzaGEyNTY6MWJkZDAzZTZlNzg5NTlkOThiZmQ3Yjk4YmM1ODBhZGY2MmNjYzk1YTA4ZTQ3MDdlMmNmNGYxNWFlYWM2YjRmMiJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjEyMjg4LCJkaWdlc3QiOiJzaGEyNTY6YzBiOWU4MmZiZjQ5ODA1ZmYzNTA5OTljZGU4NjkwYjZhMTc2OWRjYTJiNjExOWM5ZTYzOGFiZjZkM2EwZDFkYSJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjkyMTYsImRpZ2VzdCI6InNoYTI1Njo3MTAzYjFmNTdjMThlY2I0Y2NiZTcyYWY3NjUwM2I5NTU4MzJlZWQ4ZTQ3MjA5MjhkODNjMmNkMmMxNmRjNzk3In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6MjAyODU0NDAsImRpZ2VzdCI6InNoYTI1NjozNjQxN2IxZDg2ODIyOGJjMDc3ZWVhYjkzYWQ4Y2I1NjI4YTdlMzU2MGQyZjVkMzg1M2JkZTQzYzFkNzRhYzNmIn0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NTE5ODg0OCwiZGlnZXN0Ijoic2hhMjU2OmRiNjQ1ZDdiYzFlYzk4YjdiM2U1ZWY4YjNhMWU1NWUwMzc5ZjliNzkzZDc1MDYzODQ4NmEyZWU3MjUyNWY5ZTkifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozMzM3MjE2LCJkaWdlc3QiOiJzaGEyNTY6NDE1Y2I0MGZmY2MxNjlhNjI3ZjIwZWQyNjQ4Yzk2NTcwNTkyNGI3NzNlNzQxZTNhNzI1OWNhNDA2NWM0YjIxZCJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjIxN
TA0LCJkaWdlc3QiOiJzaGEyNTY6ZDNmNzI2ZjExNTQxZDk2MzAwNjBjNzUzMGJmZjg1MDE1ZjBjYWMxN2NhM2YwMzM4ZDg0NjhlOGM0ODZhZjI4OCJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjI1NjAsImRpZ2VzdCI6InNoYTI1Njo4ZTY5MmI4NjhmY2Q3NDgwMGY0NzA2NjdkMzI1YjZlZDAzZmU2YzJmM2E4MTg3NjU5Zjg1MWU5MGUzYjQ4ODc1In0seyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmltYWdlLnJvb3Rmcy5kaWZmLnRhci5nemlwIiwic2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2OjExMzQzMWU2ZTNjMDZkNDQ3ZTBhMzgwZGE4NjhjZWE1M2E2NTU3MDhlYTFmMzM3OWRkZTQyMjgzNzFiZTJlYjQifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjozNTg0LCJkaWdlc3QiOiJzaGEyNTY6ZWQ0ZGM2Yjk3OTFkOGJhMGFkM2ZhNzk4NjAwMDJhYmJlYWViZTE3YjUwYzNkNWQzMjgxYjVhZDA1YmJmZTA5YyJ9LHsibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5pbWFnZS5yb290ZnMuZGlmZi50YXIuZ3ppcCIsInNpemUiOjQxNzI4MCwiZGlnZXN0Ijoic2hhMjU2Ojc4YjUxNjA3MDQzZTJlNTQxNmVlNzg3ZDZjYzEzYjYyYTdjYjE3MTFjN2FiN2M0NTEzYjFmNzZmOGVhOTZkOWUifSx7Im1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuaW1hZ2Uucm9vdGZzLmRpZmYudGFyLmd6aXAiLCJzaXplIjoyMDQ4MCwiZGlnZXN0Ijoic2hhMjU2OjBjZTVmNWY1NDhlY2EyOTg4YTBkNzMxNWVmMGNmMDk4NzdmZTM0Zjg2YTEyN2JiMjdiZTNjZjg0OWNlOGIyNzgifV19",
      "config": "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",
      "repoDigests": [
        "ghcr.io/telemetryforge/agent@sha256:722a30b342076aa1d0a5294bb52b164a6ff07800dd6782d788d2ed344c92521a"
      ],
      "architecture": "amd64",
      "os": "linux",
      "labels": {
        "architecture": "x86_64",
        "build-date": "20260420-104100",
        "com.redhat.component": "ubi9-minimal-container",
        "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI",
        "description": "Telemetry Forge Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.",
        "distribution-scope": "public",
        "io.buildah.version": "1.39.0-dev",
        "io.k8s.description": "Telemetry Forge Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.",
        "io.k8s.display-name": "Telemetry Forge Agent",
        "io.openshift.expose-services": "",
        "io.openshift.tags": "observability,logging,log-aggregation,telemetryforge,fluent-bit",
        "maintainer": "Telemetry Forge via info@telemetryforge.io",
        "name": "Telemetry Forge Agent",
        "org.opencontainers.image.created": "2026-04-20T10:41:00.950Z",
        "org.opencontainers.image.description": "Telemetry Forge Agent is a stable, secure by default, OSS (Apache-licensed) downstream distribution of Fluent Bit with predictable releases and long-term supported versions for 24 months.",
        "org.opencontainers.image.licenses": "",
        "org.opencontainers.image.revision": "4b8c1ae0589377f6b20960eae25c07e80d430453",
        "org.opencontainers.image.source": "https://github.com/telemetryforge/agent",
        "org.opencontainers.image.title": "agent",
        "org.opencontainers.image.url": "https://github.com/telemetryforge/agent",
        "org.opencontainers.image.version": "v25.10.24",
        "release": "1747111267",
        "summary": "Telemetry Forge Agent is an Enterprise hardened version of Fluent Bit",
        "url": "https://telemetryforge.io",
        "vcs-ref": "7575d7eb45eb7f545fef31ba067dfe3d8e52c4eb",
        "vcs-type": "git",
        "vendor": "Telemetry Forge at https://telemetryforge.io",
        "version": "25.10.24"
      }
    }
  },
  "distro": {
    "name": "redhat",
    "version": "9.7",
    "idLike": [
      "fedora"
    ]
  },
  "descriptor": {
    "name": "grype",
    "version": "0.111.1",
    "configuration": {
      "output": [
        "json"
      ],
      "file": "security/agent/grype-25.10.24.json",
      "pretty": true,
      "distro": "",
      "add-cpes-if-none": false,
      "output-template-file": "",
      "check-for-app-update": true,
      "only-fixed": false,
      "only-notfixed": false,
      "ignore-wontfix": "",
      "platform": "",
      "search": {
        "scope": "squashed",
        "unindexed-archives": false,
        "indexed-archives": true
      },
      "ignore": [
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "kernel-headers",
            "version": "",
            "language": "",
            "type": "rpm",
            "location": "",
            "upstream-name": "kernel"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        },
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "linux(-.*)?-headers-.*",
            "version": "",
            "language": "",
            "type": "deb",
            "location": "",
            "upstream-name": "linux.*"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        },
        {
          "vulnerability": "",
          "include-aliases": false,
          "reason": "",
          "namespace": "",
          "fix-state": "",
          "package": {
            "name": "linux-libc-dev",
            "version": "",
            "language": "",
            "type": "deb",
            "location": "",
            "upstream-name": "linux"
          },
          "vex-status": "",
          "vex-justification": "",
          "match-type": "exact-indirect-match"
        }
      ],
      "exclude": [],
      "externalSources": {
        "enable": false,
        "maven": {
          "searchUpstreamBySha1": true,
          "baseUrl": "https://search.maven.org/solrsearch/select",
          "rateLimit": 300000000
        }
      },
      "match": {
        "java": {
          "using-cpes": false
        },
        "jvm": {
          "using-cpes": true
        },
        "dotnet": {
          "using-cpes": false
        },
        "golang": {
          "using-cpes": false,
          "always-use-cpe-for-stdlib": true,
          "allow-main-module-pseudo-version-comparison": false
        },
        "javascript": {
          "using-cpes": false
        },
        "python": {
          "using-cpes": false
        },
        "ruby": {
          "using-cpes": false
        },
        "rust": {
          "using-cpes": false
        },
        "hex": {
          "using-cpes": false
        },
        "stock": {
          "using-cpes": true
        },
        "dpkg": {
          "using-cpes": false,
          "missing-epoch-strategy": "zero",
          "use-cpes-for-eol": false
        },
        "rpm": {
          "using-cpes": false,
          "missing-epoch-strategy": "auto",
          "use-cpes-for-eol": false
        }
      },
      "fail-on-severity": "",
      "registry": {
        "insecure-skip-tls-verify": false,
        "insecure-use-http": false,
        "ca-cert": ""
      },
      "show-suppressed": false,
      "by-cve": false,
      "SortBy": {
        "sort-by": "risk"
      },
      "name": "",
      "default-image-pull-source": "",
      "from": null,
      "vex-documents": [],
      "vex-add": [],
      "match-upstream-kernel-headers": false,
      "fix-channel": {
        "redhat-eus": {
          "apply": "auto",
          "versions": ">= 8.0"
        }
      },
      "timestamp": false,
      "alerts": {
        "enable-eol-distro-warnings": true
      },
      "db": {
        "cache-dir": ".cache/grype/db",
        "update-url": "https://grype.anchore.io/databases",
        "ca-cert": "",
        "auto-update": true,
        "validate-by-hash-on-start": true,
        "validate-age": true,
        "max-allowed-built-age": 432000000000000,
        "require-update-check": false,
        "update-available-timeout": 30000000000,
        "update-download-timeout": 300000000000,
        "max-update-check-frequency": 7200000000000
      },
      "exp": {},
      "dev": {
        "db": {
          "debug": false
        }
      }
    },
    "db": {
      "status": {
        "schemaVersion": "v6.1.4",
        "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-04-27T08:59:18Z_1777360662.tar.zst?checksum=sha256%3A0a48647b7ac49772836147a2e1eedb50e3c966ac4544e5cf518a8a68f0212781",
        "built": "2026-04-28T07:17:42Z",
        "path": ".cache/grype/db/6/vulnerability.db",
        "valid": true
      },
      "providers": {
        "alma": {
          "captured": "2026-04-28T00:44:16Z",
          "input": "xxh64:1b46f6f1ee9783b6"
        },
        "alpine": {
          "captured": "2026-04-28T00:44:31Z",
          "input": "xxh64:e7e6b44920a79618"
        },
        "amazon": {
          "captured": "2026-04-28T00:44:29Z",
          "input": "xxh64:d7af2299a168043e"
        },
        "arch": {
          "captured": "2026-04-28T00:44:23Z",
          "input": "xxh64:b477def28ae2ac9a"
        },
        "bitnami": {
          "captured": "2026-04-28T00:44:23Z",
          "input": "xxh64:bf825eb216550847"
        },
        "chainguard": {
          "captured": "2026-04-28T00:44:28Z",
          "input": "xxh64:c1948cf75cf09b8b"
        },
        "chainguard-libraries": {
          "captured": "2026-04-28T00:44:27Z",
          "input": "xxh64:fd0f7aa3082d6474"
        },
        "debian": {
          "captured": "2026-04-28T00:44:31Z",
          "input": "xxh64:4a7fabd5a110a725"
        },
        "echo": {
          "captured": "2026-04-28T00:44:25Z",
          "input": "xxh64:1b6382ce8ce1e22a"
        },
        "eol": {
          "captured": "2026-04-28T00:44:25Z",
          "input": "xxh64:b7a4b43a6a52ac24"
        },
        "epss": {
          "captured": "2026-04-28T00:44:32Z",
          "input": "xxh64:ae1b1638ba052826"
        },
        "fedora": {
          "captured": "2026-04-28T00:44:28Z",
          "input": "xxh64:e1a96127d44681d2"
        },
        "github": {
          "captured": "2026-04-28T00:44:18Z",
          "input": "xxh64:6653f4759bc9281c"
        },
        "hummingbird": {
          "captured": "2026-04-28T00:44:30Z",
          "input": "xxh64:032936e8aac13dbe"
        },
        "kev": {
          "captured": "2026-04-28T00:44:14Z",
          "input": "xxh64:101e117c2b00eee3"
        },
        "mariner": {
          "captured": "2026-04-28T00:44:22Z",
          "input": "xxh64:b85c25c624bac779"
        },
        "minimos": {
          "captured": "2026-04-28T00:44:20Z",
          "input": "xxh64:1f84cd7f40d31860"
        },
        "nvd": {
          "captured": "2026-04-28T00:44:31Z",
          "input": "xxh64:316bdc9ed5aca652"
        },
        "oracle": {
          "captured": "2026-04-28T00:44:16Z",
          "input": "xxh64:8ba7df6278dab7ac"
        },
        "photon": {
          "captured": "2026-04-28T00:44:19Z",
          "input": "xxh64:abce0747dda045c3"
        },
        "rhel": {
          "captured": "2026-04-28T00:44:58Z",
          "input": "xxh64:e23a0c7aa22bee56"
        },
        "secureos": {
          "captured": "2026-04-28T00:44:24Z",
          "input": "xxh64:666df02c7462c081"
        },
        "sles": {
          "captured": "2026-04-28T00:44:09Z",
          "input": "xxh64:ae9d6b81358bc27d"
        },
        "ubuntu": {
          "captured": "2026-04-27T08:59:18Z",
          "input": "xxh64:17f8dd2bb345319a"
        },
        "wolfi": {
          "captured": "2026-04-28T00:44:26Z",
          "input": "xxh64:21a164b2f36d51b0"
        }
      }
    }
  }
}
