From a36f0a24198e92b623ec19fd4bc479680dbc1c66 Mon Sep 17 00:00:00 2001 From: patrick-stephens <6388272+patrick-stephens@users.noreply.github.com> Date: Wed, 7 Jan 2026 06:03:23 +0000 Subject: [PATCH] ci: update cve scan results Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- docs/security/agent/grype-25.10.1.json | 2933 ++++++----- docs/security/agent/grype-25.10.1.md | 20 +- docs/security/agent/grype-25.10.10.json | 1933 ++++--- docs/security/agent/grype-25.10.10.md | 16 +- docs/security/agent/grype-25.10.2.json | 2933 ++++++----- docs/security/agent/grype-25.10.2.md | 20 +- docs/security/agent/grype-25.10.3.json | 2933 ++++++----- docs/security/agent/grype-25.10.3.md | 20 +- docs/security/agent/grype-25.10.4.json | 2933 ++++++----- docs/security/agent/grype-25.10.4.md | 20 +- docs/security/agent/grype-25.10.5.json | 2933 ++++++----- docs/security/agent/grype-25.10.5.md | 20 +- docs/security/agent/grype-25.10.6.json | 2933 ++++++----- docs/security/agent/grype-25.10.6.md | 20 +- docs/security/agent/grype-25.10.7.json | 2933 ++++++----- docs/security/agent/grype-25.10.7.md | 20 +- docs/security/agent/grype-25.10.8.json | 1933 ++++--- docs/security/agent/grype-25.10.8.md | 16 +- docs/security/agent/grype-25.10.9.json | 2317 ++++---- docs/security/agent/grype-25.10.9.md | 18 +- docs/security/agent/grype-25.11.1.json | 2933 ++++++----- docs/security/agent/grype-25.11.1.md | 20 +- docs/security/agent/grype-25.11.2.json | 2933 ++++++----- docs/security/agent/grype-25.11.2.md | 20 +- docs/security/agent/grype-25.12.1.json | 2287 ++++---- docs/security/agent/grype-25.12.1.md | 16 +- docs/security/agent/grype-25.12.2.json | 2231 ++++---- docs/security/agent/grype-25.12.2.md | 16 +- docs/security/agent/grype-25.12.3.json | 2231 ++++---- docs/security/agent/grype-25.12.3.md | 16 +- docs/security/agent/grype-25.12.4.json | 2231 ++++---- docs/security/agent/grype-25.12.4.md | 16 +- docs/security/agent/grype-25.7.1.json | 6417 ++++++++++++----------- docs/security/agent/grype-25.7.1.md | 32 +- docs/security/agent/grype-25.7.2.json | 6417 ++++++++++++----------- docs/security/agent/grype-25.7.2.md | 32 +- docs/security/agent/grype-25.7.4.json | 6141 +++++++++++----------- docs/security/agent/grype-25.7.4.md | 32 +- docs/security/agent/grype-25.8.2.json | 3481 ++++++------ docs/security/agent/grype-25.8.2.md | 20 +- docs/security/agent/grype-25.8.4.json | 3233 ++++++------ docs/security/agent/grype-25.8.4.md | 20 +- docs/security/agent/grype-25.9.1.json | 3221 ++++++------ docs/security/agent/grype-25.9.1.md | 20 +- docs/security/agent/grype-25.9.2.json | 3221 ++++++------ docs/security/agent/grype-25.9.2.md | 20 +- docs/security/agent/grype-25.9.3.json | 3221 ++++++------ docs/security/agent/grype-25.9.3.md | 20 +- docs/security/agent/grype-25.9.4.json | 2933 ++++++----- docs/security/agent/grype-25.9.4.md | 20 +- docs/security/agent/grype-25.9.5.json | 2933 ++++++----- docs/security/agent/grype-25.9.5.md | 20 +- docs/security/agent/grype-latest.md | 3 +- docs/security/oss/grype-4.0.10.json | 1917 +++---- docs/security/oss/grype-4.0.10.md | 10 +- docs/security/oss/grype-4.0.11.json | 1917 +++---- docs/security/oss/grype-4.0.11.md | 10 +- docs/security/oss/grype-4.0.12.json | 1661 +++--- docs/security/oss/grype-4.0.12.md | 6 +- docs/security/oss/grype-4.0.13.json | 1661 +++--- docs/security/oss/grype-4.0.13.md | 6 +- docs/security/oss/grype-4.0.3.json | 3667 ++++++------- docs/security/oss/grype-4.0.3.md | 14 +- docs/security/oss/grype-4.0.4.json | 3667 ++++++------- docs/security/oss/grype-4.0.4.md | 14 +- docs/security/oss/grype-4.0.5.json | 3635 ++++++------- docs/security/oss/grype-4.0.5.md | 14 +- docs/security/oss/grype-4.0.6.json | 3635 ++++++------- docs/security/oss/grype-4.0.6.md | 14 +- docs/security/oss/grype-4.0.7.json | 3635 ++++++------- docs/security/oss/grype-4.0.7.md | 14 +- docs/security/oss/grype-4.0.8.json | 3635 ++++++------- docs/security/oss/grype-4.0.8.md | 14 +- docs/security/oss/grype-4.0.9.json | 3635 ++++++------- docs/security/oss/grype-4.0.9.md | 14 +- docs/security/oss/grype-4.1.0.json | 2319 ++++---- docs/security/oss/grype-4.1.0.md | 10 +- 77 files changed, 63007 insertions(+), 55428 deletions(-) diff --git a/docs/security/agent/grype-25.10.1.json b/docs/security/agent/grype-25.10.1.json index 3b7bb9f..b90a02c 100644 --- a/docs/security/agent/grype-25.10.1.json +++ b/docs/security/agent/grype-25.10.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8987,87 +9276,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.10.1.md b/docs/security/agent/grype-25.10.1.md index 71bec2a..cb5ebac 100644 --- a/docs/security/agent/grype-25.10.1.md +++ b/docs/security/agent/grype-25.10.1.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.10.json b/docs/security/agent/grype-25.10.10.json index b034cbd..d6fcb1e 100644 --- a/docs/security/agent/grype-25.10.10.json +++ b/docs/security/agent/grype-25.10.10.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -185,95 +185,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -281,21 +298,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -309,105 +326,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -422,21 +467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -450,28 +495,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -501,8 +546,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -557,8 +602,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -626,112 +671,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -739,21 +767,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -767,133 +795,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -908,21 +908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -936,28 +936,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -987,8 +987,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1161,8 +1161,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1232,8 +1232,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1335,8 +1335,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1380,8 +1380,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1520,8 +1520,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1615,8 +1615,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1754,9 +1754,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1778,7 +1778,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1821,9 +1821,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,9 +1919,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -1943,7 +1943,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2093,8 +2093,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2189,8 +2189,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2293,8 +2293,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2352,8 +2352,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2444,8 +2444,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2503,8 +2503,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2606,8 +2606,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2656,8 +2656,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,9 +2747,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2765,7 +2765,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2796,9 +2796,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2889,8 +2889,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -2937,8 +2937,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3029,8 +3029,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3077,8 +3077,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3223,8 +3223,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3318,8 +3318,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3361,8 +3361,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3456,8 +3456,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3504,8 +3504,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3596,8 +3596,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3657,8 +3657,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3754,8 +3754,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3815,8 +3815,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3914,9 +3914,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -3932,7 +3932,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4007,8 +4007,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4073,8 +4073,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4170,9 +4170,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4180,7 +4180,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4192,7 +4192,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4212,9 +4213,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4307,9 +4308,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4317,7 +4318,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4329,7 +4330,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4349,9 +4351,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4422,44 +4424,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -4468,52 +4464,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" - ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -4529,21 +4525,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -4557,13 +4553,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4599,9 +4595,9 @@ "epss": [ { "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" } ], "cwes": [ @@ -4617,7 +4613,7 @@ "state": "" }, "advisories": [], - "risk": 0.009975000000000001 + "risk": 0.011025000000000002 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4691,9 +4687,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" } ], "cwes": [ @@ -4709,7 +4705,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010795 }, "relatedVulnerabilities": [ { @@ -4723,35 +4719,341 @@ "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010349999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -4766,21 +5068,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4794,13 +5096,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4834,8 +5136,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -4876,8 +5178,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -4971,8 +5273,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5013,8 +5315,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -5085,12 +5387,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -5106,18 +5408,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5129,27 +5431,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -5168,18 +5470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5200,7 +5502,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -5262,8 +5564,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5315,8 +5617,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5407,8 +5709,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5460,8 +5762,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5563,8 +5865,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5617,8 +5919,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5720,8 +6022,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -5786,8 +6088,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -5861,39 +6163,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5901,68 +6203,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5970,21 +6258,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -5998,14 +6286,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6038,8 +6331,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6086,8 +6379,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6122,8 +6415,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6141,10 +6434,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6183,8 +6476,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6231,8 +6524,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6267,8 +6560,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6286,10 +6579,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6328,8 +6621,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6376,8 +6669,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6412,8 +6705,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6428,13 +6721,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6450,36 +6743,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -6490,44 +6783,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -6537,7 +6844,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6545,21 +6852,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6576,16 +6883,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6618,8 +6920,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -6771,8 +7073,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -6839,8 +7141,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -6925,39 +7227,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6965,31 +7267,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -6997,29 +7299,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7040,7 +7342,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7102,8 +7404,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7172,8 +7474,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7247,20 +7549,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7268,16 +7570,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7287,31 +7589,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7319,10 +7620,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7330,16 +7631,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7356,21 +7657,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -7384,13 +7685,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7401,38 +7702,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -7441,59 +7742,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7509,21 +7798,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7537,13 +7826,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7933,87 +8222,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.10.10.md b/docs/security/agent/grype-25.10.10.md index 574ba85..4d9d626 100644 --- a/docs/security/agent/grype-25.10.10.md +++ b/docs/security/agent/grype-25.10.10.md @@ -5,14 +5,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.10 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -21,12 +22,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -46,13 +48,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.2.json b/docs/security/agent/grype-25.10.2.json index 9124244..e335e8f 100644 --- a/docs/security/agent/grype-25.10.2.json +++ b/docs/security/agent/grype-25.10.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8995,87 +9284,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.10.2.md b/docs/security/agent/grype-25.10.2.md index dede08d..f42d56c 100644 --- a/docs/security/agent/grype-25.10.2.md +++ b/docs/security/agent/grype-25.10.2.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.3.json b/docs/security/agent/grype-25.10.3.json index 3678d83..efb377e 100644 --- a/docs/security/agent/grype-25.10.3.json +++ b/docs/security/agent/grype-25.10.3.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8995,87 +9284,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.10.3.md b/docs/security/agent/grype-25.10.3.md index 6060ca3..cc62550 100644 --- a/docs/security/agent/grype-25.10.3.md +++ b/docs/security/agent/grype-25.10.3.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.4.json b/docs/security/agent/grype-25.10.4.json index fbe4192..681b6fe 100644 --- a/docs/security/agent/grype-25.10.4.json +++ b/docs/security/agent/grype-25.10.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8995,87 +9284,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.10.4.md b/docs/security/agent/grype-25.10.4.md index 7a40485..52ec9f9 100644 --- a/docs/security/agent/grype-25.10.4.md +++ b/docs/security/agent/grype-25.10.4.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.5.json b/docs/security/agent/grype-25.10.5.json index 6beeb0f..fc21185 100644 --- a/docs/security/agent/grype-25.10.5.json +++ b/docs/security/agent/grype-25.10.5.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8995,87 +9284,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.10.5.md b/docs/security/agent/grype-25.10.5.md index 27826e1..dbe7d08 100644 --- a/docs/security/agent/grype-25.10.5.md +++ b/docs/security/agent/grype-25.10.5.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.6.json b/docs/security/agent/grype-25.10.6.json index 655e61f..fc3eadb 100644 --- a/docs/security/agent/grype-25.10.6.json +++ b/docs/security/agent/grype-25.10.6.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.6" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8995,87 +9284,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.10.6.md b/docs/security/agent/grype-25.10.6.md index 8bbe9f2..daca2a0 100644 --- a/docs/security/agent/grype-25.10.6.md +++ b/docs/security/agent/grype-25.10.6.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.7.json b/docs/security/agent/grype-25.10.7.json index 4d9e42e..b3eb349 100644 --- a/docs/security/agent/grype-25.10.7.json +++ b/docs/security/agent/grype-25.10.7.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.6" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8995,87 +9284,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.10.7.md b/docs/security/agent/grype-25.10.7.md index 9b7492d..8901d65 100644 --- a/docs/security/agent/grype-25.10.7.md +++ b/docs/security/agent/grype-25.10.7.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.8.json b/docs/security/agent/grype-25.10.8.json index 1a93fe9..d54b083 100644 --- a/docs/security/agent/grype-25.10.8.json +++ b/docs/security/agent/grype-25.10.8.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -185,95 +185,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -281,21 +298,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -309,105 +326,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -422,21 +467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -450,28 +495,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -501,8 +546,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -557,8 +602,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -626,112 +671,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -739,21 +767,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -767,133 +795,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -908,21 +908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -936,28 +936,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -987,8 +987,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1161,8 +1161,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1232,8 +1232,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1335,8 +1335,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1380,8 +1380,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1520,8 +1520,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1615,8 +1615,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1754,9 +1754,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1778,7 +1778,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1821,9 +1821,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,9 +1919,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -1943,7 +1943,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2093,8 +2093,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2189,8 +2189,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2293,8 +2293,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2352,8 +2352,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2444,8 +2444,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2503,8 +2503,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2606,8 +2606,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2656,8 +2656,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,9 +2747,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2765,7 +2765,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2796,9 +2796,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2889,8 +2889,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -2937,8 +2937,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3029,8 +3029,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3077,8 +3077,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3223,8 +3223,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3318,8 +3318,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3361,8 +3361,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3456,8 +3456,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3504,8 +3504,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3596,8 +3596,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3657,8 +3657,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3754,8 +3754,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3815,8 +3815,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3914,9 +3914,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -3932,7 +3932,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4007,8 +4007,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4073,8 +4073,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4170,9 +4170,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4180,7 +4180,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4192,7 +4192,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4212,9 +4213,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4307,9 +4308,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4317,7 +4318,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4329,7 +4330,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4349,9 +4351,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4422,44 +4424,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -4468,52 +4464,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" - ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -4529,21 +4525,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -4557,13 +4553,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4599,9 +4595,9 @@ "epss": [ { "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" } ], "cwes": [ @@ -4617,7 +4613,7 @@ "state": "" }, "advisories": [], - "risk": 0.009975000000000001 + "risk": 0.011025000000000002 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4691,9 +4687,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" } ], "cwes": [ @@ -4709,7 +4705,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010795 }, "relatedVulnerabilities": [ { @@ -4723,35 +4719,341 @@ "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010349999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -4766,21 +5068,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4794,13 +5096,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4834,8 +5136,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -4876,8 +5178,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -4971,8 +5273,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5013,8 +5315,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -5085,12 +5387,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -5106,18 +5408,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5129,27 +5431,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -5168,18 +5470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5200,7 +5502,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -5262,8 +5564,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5315,8 +5617,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5407,8 +5709,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5460,8 +5762,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5563,8 +5865,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5617,8 +5919,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5720,8 +6022,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -5786,8 +6088,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -5861,39 +6163,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5901,68 +6203,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5970,21 +6258,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -5998,14 +6286,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6038,8 +6331,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6086,8 +6379,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6122,8 +6415,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6141,10 +6434,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6183,8 +6476,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6231,8 +6524,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6267,8 +6560,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6286,10 +6579,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6328,8 +6621,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6376,8 +6669,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6412,8 +6705,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6428,13 +6721,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6450,36 +6743,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -6490,44 +6783,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -6537,7 +6844,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6545,21 +6852,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6576,16 +6883,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6618,8 +6920,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -6771,8 +7073,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -6839,8 +7141,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -6925,39 +7227,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6965,31 +7267,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -6997,29 +7299,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7040,7 +7342,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7102,8 +7404,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7172,8 +7474,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7247,20 +7549,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7268,16 +7570,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7287,31 +7589,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7319,10 +7620,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7330,16 +7631,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7356,21 +7657,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -7384,13 +7685,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7401,38 +7702,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -7441,59 +7742,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7509,21 +7798,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7537,13 +7826,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7933,87 +8222,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.10.8.md b/docs/security/agent/grype-25.10.8.md index da51299..3cf2432 100644 --- a/docs/security/agent/grype-25.10.8.md +++ b/docs/security/agent/grype-25.10.8.md @@ -5,14 +5,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -21,12 +22,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -46,13 +48,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.9.json b/docs/security/agent/grype-25.10.9.json index 222fe1b..160f421 100644 --- a/docs/security/agent/grype-25.10.9.json +++ b/docs/security/agent/grype-25.10.9.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -185,95 +185,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -281,21 +298,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -309,105 +326,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -422,21 +467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -450,28 +495,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -501,8 +546,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -557,8 +602,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -626,112 +671,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -739,21 +767,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -767,133 +795,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -908,21 +908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -936,28 +936,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -987,8 +987,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1161,8 +1161,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1232,8 +1232,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1335,8 +1335,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1380,8 +1380,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1520,8 +1520,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1615,8 +1615,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1754,9 +1754,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1778,7 +1778,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1821,9 +1821,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,9 +1919,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -1943,7 +1943,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2093,8 +2093,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2189,8 +2189,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2293,8 +2293,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2352,8 +2352,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2444,8 +2444,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2503,8 +2503,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2606,8 +2606,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2656,8 +2656,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,9 +2747,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2765,7 +2765,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2796,9 +2796,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2889,8 +2889,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -2937,8 +2937,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3029,8 +3029,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3077,8 +3077,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3223,8 +3223,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3318,8 +3318,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3361,8 +3361,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3456,8 +3456,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3504,8 +3504,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3596,8 +3596,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3657,8 +3657,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3754,8 +3754,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3815,8 +3815,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3911,9 +3911,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,7 +3943,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -3986,9 +3986,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4095,9 +4095,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4113,7 +4113,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4188,8 +4188,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4254,8 +4254,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4329,222 +4329,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01344 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9714", - "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" - } - } - ], - "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.01133 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4562,9 +4394,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4657,9 +4489,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4667,7 +4499,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4679,7 +4511,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4699,9 +4532,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4772,20 +4605,20 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4793,77 +4626,91 @@ ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0105 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01344 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-9714", + "epss": 0.00024, + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" } ] @@ -4879,21 +4726,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4907,13 +4757,159 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4949,9 +4945,9 @@ "epss": [ { "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" } ], "cwes": [ @@ -4967,7 +4963,7 @@ "state": "" }, "advisories": [], - "risk": 0.009975000000000001 + "risk": 0.011025000000000002 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -5041,9 +5037,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" } ], "cwes": [ @@ -5059,7 +5055,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010795 }, "relatedVulnerabilities": [ { @@ -5073,35 +5069,341 @@ "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010349999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5116,21 +5418,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5144,13 +5446,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5184,8 +5486,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5226,8 +5528,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -5321,8 +5623,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5363,8 +5665,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -5435,12 +5737,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -5456,18 +5758,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5479,27 +5781,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -5518,18 +5820,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5550,7 +5852,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -5612,8 +5914,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5665,8 +5967,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5757,8 +6059,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5810,8 +6112,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5913,8 +6215,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5967,8 +6269,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6070,8 +6372,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6136,8 +6438,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6211,39 +6513,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6251,68 +6553,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6320,21 +6608,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -6348,14 +6636,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6388,8 +6681,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6436,8 +6729,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6472,8 +6765,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6491,10 +6784,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6533,8 +6826,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6581,8 +6874,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6617,8 +6910,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6636,10 +6929,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6678,8 +6971,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6726,8 +7019,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6762,8 +7055,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -6778,13 +7071,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -6800,36 +7093,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -6840,44 +7133,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -6887,7 +7194,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6895,21 +7202,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6926,16 +7233,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6968,8 +7270,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7029,8 +7331,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7121,8 +7423,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7189,8 +7491,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7275,39 +7577,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7315,31 +7617,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -7347,29 +7649,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7390,7 +7692,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7452,8 +7754,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7522,8 +7824,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7597,20 +7899,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7618,16 +7920,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7637,31 +7939,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7669,10 +7970,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7680,16 +7981,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7706,21 +8007,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -7734,13 +8035,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7751,38 +8052,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -7791,59 +8092,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7859,21 +8148,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7887,13 +8176,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8283,87 +8572,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.10.9.md b/docs/security/agent/grype-25.10.9.md index 718c2cd..d54b41e 100644 --- a/docs/security/agent/grype-25.10.9.md +++ b/docs/security/agent/grype-25.10.9.md @@ -5,16 +5,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | fluent-bit | 25.10.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -23,12 +24,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -48,13 +50,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.11.1.json b/docs/security/agent/grype-25.11.1.json index 9e787ea..9bd4a2e 100644 --- a/docs/security/agent/grype-25.11.1.json +++ b/docs/security/agent/grype-25.11.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.11.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8995,87 +9284,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.11.1.md b/docs/security/agent/grype-25.11.1.md index c077622..8d3d73c 100644 --- a/docs/security/agent/grype-25.11.1.md +++ b/docs/security/agent/grype-25.11.1.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.11.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.11.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.11.2.json b/docs/security/agent/grype-25.11.2.json index bcaf1c7..41684a1 100644 --- a/docs/security/agent/grype-25.11.2.json +++ b/docs/security/agent/grype-25.11.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.11.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8995,87 +9284,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.11.2.md b/docs/security/agent/grype-25.11.2.md index ca287ec..b0db932 100644 --- a/docs/security/agent/grype-25.11.2.md +++ b/docs/security/agent/grype-25.11.2.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.11.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.11.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.1.json b/docs/security/agent/grype-25.12.1.json index c50fbc5..8173340 100644 --- a/docs/security/agent/grype-25.12.1.json +++ b/docs/security/agent/grype-25.12.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -185,95 +185,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -281,21 +298,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -309,105 +326,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -422,21 +467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -450,28 +495,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -501,8 +546,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -557,8 +602,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -626,112 +671,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -739,21 +767,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -767,133 +795,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -908,21 +908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -936,28 +936,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -987,8 +987,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1161,8 +1161,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1232,8 +1232,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1335,8 +1335,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1380,8 +1380,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1520,8 +1520,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1615,8 +1615,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1754,9 +1754,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1778,7 +1778,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1821,9 +1821,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,9 +1919,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -1943,7 +1943,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2093,8 +2093,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2189,8 +2189,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2293,8 +2293,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2352,8 +2352,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2444,8 +2444,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2503,8 +2503,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2606,8 +2606,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2656,8 +2656,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,9 +2747,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2765,7 +2765,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2796,9 +2796,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2889,8 +2889,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -2937,8 +2937,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3029,8 +3029,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3077,8 +3077,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3223,8 +3223,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3318,8 +3318,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3361,8 +3361,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3456,8 +3456,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3504,8 +3504,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3596,8 +3596,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3657,8 +3657,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3754,8 +3754,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3815,8 +3815,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3911,9 +3911,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,7 +3943,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -3986,9 +3986,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4081,9 +4081,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4113,7 +4113,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4156,9 +4156,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4262,9 +4262,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4294,7 +4294,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4337,9 +4337,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4443,9 +4443,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4475,7 +4475,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4518,9 +4518,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4631,9 +4631,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4649,7 +4649,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4724,8 +4724,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4790,8 +4790,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4887,9 +4887,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4897,7 +4897,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4909,7 +4909,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4929,9 +4930,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -5024,9 +5025,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -5034,7 +5035,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -5046,7 +5047,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -5066,9 +5068,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -5139,44 +5141,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -5185,52 +5181,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" - ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -5246,21 +5242,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -5274,13 +5270,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5316,9 +5312,9 @@ "epss": [ { "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" } ], "cwes": [ @@ -5334,7 +5330,7 @@ "state": "" }, "advisories": [], - "risk": 0.009975000000000001 + "risk": 0.011025000000000002 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -5408,9 +5404,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" } ], "cwes": [ @@ -5426,7 +5422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010795 }, "relatedVulnerabilities": [ { @@ -5446,29 +5442,335 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010349999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5483,21 +5785,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5511,13 +5813,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5551,8 +5853,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5593,8 +5895,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -5688,8 +5990,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5730,8 +6032,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -5802,12 +6104,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -5823,18 +6125,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5846,27 +6148,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -5885,18 +6187,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5917,7 +6219,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -5979,8 +6281,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6032,8 +6334,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6124,8 +6426,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6177,8 +6479,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6280,8 +6582,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6334,8 +6636,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6386,189 +6688,25 @@ ], "language": "", "licenses": [ - "GPLv3+" - ], - "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.00824 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6578,100 +6716,110 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -6693,7 +6841,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } @@ -6755,8 +6903,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6803,8 +6951,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6900,8 +7048,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6948,8 +7096,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7045,8 +7193,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7093,8 +7241,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7190,8 +7338,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7238,8 +7386,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7335,8 +7483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7383,8 +7531,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7480,8 +7628,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7528,8 +7676,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7626,8 +7774,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7674,8 +7822,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7756,6 +7904,160 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007245 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-30258", @@ -7781,8 +8083,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7842,8 +8144,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7934,8 +8236,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -8002,8 +8304,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -8088,39 +8390,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8128,31 +8430,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8160,29 +8462,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8203,7 +8505,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8265,8 +8567,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8335,8 +8637,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8410,20 +8712,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8431,16 +8733,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8450,31 +8752,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8482,10 +8783,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8493,16 +8794,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8519,21 +8820,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -8547,13 +8848,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8564,20 +8865,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8585,17 +8886,17 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02022, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8604,41 +8905,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8646,17 +8946,17 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02022, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8672,21 +8972,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -8703,10 +9003,10 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8717,37 +9017,37 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00013, - "percentile": 0.01611, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", "source": "cve@mitre.org", "type": "Secondary" } @@ -8757,57 +9057,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.003835 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00013, - "percentile": 0.01611, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", "source": "cve@mitre.org", "type": "Secondary" } @@ -8824,21 +9113,21 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8852,13 +9141,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9249,87 +9538,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.12.1.md b/docs/security/agent/grype-25.12.1.md index 4887e41..a0fda10 100644 --- a/docs/security/agent/grype-25.12.1.md +++ b/docs/security/agent/grype-25.12.1.md @@ -5,6 +5,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | @@ -14,9 +15,9 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.12.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -28,12 +29,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -53,14 +55,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.2.json b/docs/security/agent/grype-25.12.2.json index b9509a7..f5e3f30 100644 --- a/docs/security/agent/grype-25.12.2.json +++ b/docs/security/agent/grype-25.12.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -185,95 +185,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -281,21 +298,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -309,105 +326,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -422,21 +467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -450,28 +495,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -501,8 +546,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -557,8 +602,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -626,112 +671,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -739,21 +767,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -767,133 +795,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -908,21 +908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -936,28 +936,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -987,8 +987,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1161,8 +1161,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1232,8 +1232,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1335,8 +1335,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1380,8 +1380,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1520,8 +1520,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1615,8 +1615,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1754,9 +1754,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1778,7 +1778,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1821,9 +1821,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,9 +1919,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -1943,7 +1943,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2093,8 +2093,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2189,8 +2189,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2293,8 +2293,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2352,8 +2352,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2444,8 +2444,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2503,8 +2503,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2606,8 +2606,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2656,8 +2656,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,9 +2747,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2765,7 +2765,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2796,9 +2796,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2889,8 +2889,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -2937,8 +2937,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3029,8 +3029,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3077,8 +3077,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3223,8 +3223,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3318,8 +3318,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3361,8 +3361,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3456,8 +3456,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3504,8 +3504,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3596,8 +3596,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3657,8 +3657,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3754,8 +3754,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3815,8 +3815,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3914,9 +3914,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -3932,7 +3932,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4007,8 +4007,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4073,8 +4073,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4170,9 +4170,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4180,7 +4180,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4192,7 +4192,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4212,9 +4213,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4307,9 +4308,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4317,7 +4318,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4329,7 +4330,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4349,9 +4351,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4422,44 +4424,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -4468,52 +4464,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" - ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -4529,21 +4525,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -4557,13 +4553,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4599,9 +4595,9 @@ "epss": [ { "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" } ], "cwes": [ @@ -4617,7 +4613,7 @@ "state": "" }, "advisories": [], - "risk": 0.009975000000000001 + "risk": 0.011025000000000002 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4691,9 +4687,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" } ], "cwes": [ @@ -4709,7 +4705,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010795 }, "relatedVulnerabilities": [ { @@ -4729,29 +4725,335 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010349999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -4766,21 +5068,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4794,13 +5096,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4834,8 +5136,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -4876,8 +5178,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -4971,8 +5273,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5013,8 +5315,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -5085,12 +5387,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -5106,18 +5408,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5129,27 +5431,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -5168,18 +5470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5200,7 +5502,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -5262,8 +5564,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5315,8 +5617,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5407,8 +5709,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5460,8 +5762,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5563,8 +5865,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5617,8 +5919,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5669,189 +5971,25 @@ ], "language": "", "licenses": [ - "GPLv3+" - ], - "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.00824 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5861,100 +5999,110 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5976,7 +6124,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } @@ -6038,8 +6186,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6086,8 +6234,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6183,8 +6331,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6231,8 +6379,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6328,8 +6476,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6376,8 +6524,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6473,8 +6621,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6521,8 +6669,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6618,8 +6766,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6666,8 +6814,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6763,8 +6911,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6811,8 +6959,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6909,8 +7057,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6957,8 +7105,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7039,6 +7187,160 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007245 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-30258", @@ -7064,8 +7366,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7125,8 +7427,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7217,8 +7519,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7285,8 +7587,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7371,39 +7673,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7411,31 +7713,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -7443,29 +7745,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7486,7 +7788,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7548,8 +7850,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7618,8 +7920,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7693,20 +7995,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7714,16 +8016,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7733,31 +8035,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7765,10 +8066,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7776,16 +8077,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7802,21 +8103,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -7830,13 +8131,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7847,20 +8148,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7868,17 +8169,17 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02022, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -7887,41 +8188,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7929,17 +8229,17 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02022, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7955,21 +8255,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -7986,10 +8286,10 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8000,37 +8300,37 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00013, - "percentile": 0.01611, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", "source": "cve@mitre.org", "type": "Secondary" } @@ -8040,57 +8340,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.003835 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00013, - "percentile": 0.01611, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", "source": "cve@mitre.org", "type": "Secondary" } @@ -8107,21 +8396,21 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8135,13 +8424,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8532,87 +8821,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.12.2.md b/docs/security/agent/grype-25.12.2.md index 1229597..0bdf722 100644 --- a/docs/security/agent/grype-25.12.2.md +++ b/docs/security/agent/grype-25.12.2.md @@ -5,14 +5,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.12.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -24,12 +25,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -49,14 +51,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.3.json b/docs/security/agent/grype-25.12.3.json index 3d2efe7..dcb0089 100644 --- a/docs/security/agent/grype-25.12.3.json +++ b/docs/security/agent/grype-25.12.3.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -185,95 +185,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -281,21 +298,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -309,105 +326,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -422,21 +467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -450,28 +495,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -501,8 +546,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -557,8 +602,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -626,112 +671,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -739,21 +767,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -767,133 +795,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -908,21 +908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -936,28 +936,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -987,8 +987,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1161,8 +1161,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1232,8 +1232,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1335,8 +1335,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1380,8 +1380,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1520,8 +1520,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1615,8 +1615,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1754,9 +1754,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1778,7 +1778,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1821,9 +1821,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,9 +1919,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -1943,7 +1943,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2093,8 +2093,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2189,8 +2189,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2293,8 +2293,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2352,8 +2352,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2444,8 +2444,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2503,8 +2503,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2606,8 +2606,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2656,8 +2656,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,9 +2747,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2765,7 +2765,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2796,9 +2796,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2889,8 +2889,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -2937,8 +2937,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3029,8 +3029,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3077,8 +3077,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3223,8 +3223,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3318,8 +3318,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3361,8 +3361,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3456,8 +3456,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3504,8 +3504,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3596,8 +3596,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3657,8 +3657,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3754,8 +3754,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3815,8 +3815,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3914,9 +3914,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -3932,7 +3932,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4007,8 +4007,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4073,8 +4073,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4170,9 +4170,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4180,7 +4180,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4192,7 +4192,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4212,9 +4213,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4307,9 +4308,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4317,7 +4318,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4329,7 +4330,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4349,9 +4351,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4422,44 +4424,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -4468,52 +4464,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" - ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -4529,21 +4525,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -4557,13 +4553,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4599,9 +4595,9 @@ "epss": [ { "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" } ], "cwes": [ @@ -4617,7 +4613,7 @@ "state": "" }, "advisories": [], - "risk": 0.009975000000000001 + "risk": 0.011025000000000002 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4691,9 +4687,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" } ], "cwes": [ @@ -4709,7 +4705,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010795 }, "relatedVulnerabilities": [ { @@ -4729,29 +4725,335 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010349999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -4766,21 +5068,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4794,13 +5096,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4834,8 +5136,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -4876,8 +5178,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -4971,8 +5273,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5013,8 +5315,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -5085,12 +5387,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -5106,18 +5408,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5129,27 +5431,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -5168,18 +5470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5200,7 +5502,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -5262,8 +5564,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5315,8 +5617,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5407,8 +5709,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5460,8 +5762,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5563,8 +5865,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5617,8 +5919,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5669,189 +5971,25 @@ ], "language": "", "licenses": [ - "GPLv3+" - ], - "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.00824 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5861,100 +5999,110 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5976,7 +6124,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } @@ -6038,8 +6186,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6086,8 +6234,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6183,8 +6331,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6231,8 +6379,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6328,8 +6476,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6376,8 +6524,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6473,8 +6621,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6521,8 +6669,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6618,8 +6766,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6666,8 +6814,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6763,8 +6911,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6811,8 +6959,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6909,8 +7057,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6957,8 +7105,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7039,6 +7187,160 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007245 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-30258", @@ -7064,8 +7366,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7125,8 +7427,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7217,8 +7519,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7285,8 +7587,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7371,39 +7673,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7411,31 +7713,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -7443,29 +7745,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7486,7 +7788,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7548,8 +7850,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7618,8 +7920,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7693,20 +7995,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7714,16 +8016,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7733,31 +8035,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7765,10 +8066,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7776,16 +8077,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7802,21 +8103,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -7830,13 +8131,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7847,20 +8148,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7868,17 +8169,17 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02022, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -7887,41 +8188,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7929,17 +8229,17 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02022, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7955,21 +8255,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -7986,10 +8286,10 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8000,37 +8300,37 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00013, - "percentile": 0.01611, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", "source": "cve@mitre.org", "type": "Secondary" } @@ -8040,57 +8340,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.003835 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00013, - "percentile": 0.01611, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", "source": "cve@mitre.org", "type": "Secondary" } @@ -8107,21 +8396,21 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8135,13 +8424,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8532,87 +8821,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.12.3.md b/docs/security/agent/grype-25.12.3.md index 99dae9a..6d2c5da 100644 --- a/docs/security/agent/grype-25.12.3.md +++ b/docs/security/agent/grype-25.12.3.md @@ -5,14 +5,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.12.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -24,12 +25,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -49,14 +51,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.4.json b/docs/security/agent/grype-25.12.4.json index 3ac2228..1345d46 100644 --- a/docs/security/agent/grype-25.12.4.json +++ b/docs/security/agent/grype-25.12.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -185,95 +185,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -281,21 +298,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -309,105 +326,133 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -422,21 +467,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -450,28 +495,28 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -501,8 +546,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -557,8 +602,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -626,112 +671,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -739,21 +767,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -767,133 +795,105 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -908,21 +908,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -936,28 +936,28 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -987,8 +987,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1161,8 +1161,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1232,8 +1232,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1335,8 +1335,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1380,8 +1380,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1475,8 +1475,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1520,8 +1520,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1615,8 +1615,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1663,8 +1663,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1754,9 +1754,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1778,7 +1778,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1821,9 +1821,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,9 +1919,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -1943,7 +1943,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -1994,9 +1994,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2093,8 +2093,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2189,8 +2189,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2293,8 +2293,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2352,8 +2352,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2444,8 +2444,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2503,8 +2503,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2606,8 +2606,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2656,8 +2656,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,9 +2747,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2765,7 +2765,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2796,9 +2796,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2889,8 +2889,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -2937,8 +2937,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3029,8 +3029,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3077,8 +3077,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3180,8 +3180,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3223,8 +3223,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3318,8 +3318,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3361,8 +3361,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3456,8 +3456,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3504,8 +3504,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3596,8 +3596,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3657,8 +3657,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3754,8 +3754,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3815,8 +3815,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -3914,9 +3914,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -3932,7 +3932,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4007,8 +4007,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4073,8 +4073,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4170,9 +4170,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4180,7 +4180,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4192,7 +4192,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4212,9 +4213,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4307,9 +4308,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -4317,7 +4318,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { @@ -4329,7 +4330,8 @@ "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ @@ -4349,9 +4351,9 @@ "epss": [ { "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4422,44 +4424,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -4468,52 +4464,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0105 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" - ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -4529,21 +4525,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -4557,13 +4553,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4599,9 +4595,9 @@ "epss": [ { "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" } ], "cwes": [ @@ -4617,7 +4613,7 @@ "state": "" }, "advisories": [], - "risk": 0.009975000000000001 + "risk": 0.011025000000000002 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4691,9 +4687,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" } ], "cwes": [ @@ -4709,7 +4705,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010795 }, "relatedVulnerabilities": [ { @@ -4729,29 +4725,335 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "metrics": { + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.0002, + "percentile": 0.04611, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.010349999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -4766,21 +5068,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4794,13 +5096,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4834,8 +5136,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -4876,8 +5178,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -4971,8 +5273,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5013,8 +5315,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -5085,12 +5387,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -5106,18 +5408,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5129,27 +5431,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -5168,18 +5470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5200,7 +5502,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -5262,8 +5564,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5315,8 +5617,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5407,8 +5709,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5460,8 +5762,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5563,8 +5865,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5617,8 +5919,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -5669,189 +5971,25 @@ ], "language": "", "licenses": [ - "GPLv3+" - ], - "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.00824 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" - ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-30571", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5861,100 +5999,110 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.007935 + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 5.3, + "exploitabilityScore": 1.1, "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -5976,7 +6124,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } @@ -6038,8 +6186,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6086,8 +6234,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6183,8 +6331,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6231,8 +6379,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6328,8 +6476,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6376,8 +6524,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6473,8 +6621,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6521,8 +6669,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6618,8 +6766,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6666,8 +6814,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6763,8 +6911,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6811,8 +6959,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6909,8 +7057,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -6957,8 +7105,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7039,6 +7187,160 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.007245 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + ], + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-5918", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-30258", @@ -7064,8 +7366,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7125,8 +7427,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7217,8 +7519,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7285,8 +7587,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7371,39 +7673,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7411,31 +7713,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -7443,29 +7745,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7486,7 +7788,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -7548,8 +7850,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7618,8 +7920,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -7693,20 +7995,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7714,16 +8016,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7733,31 +8035,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -7765,10 +8066,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7776,16 +8077,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7802,21 +8103,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -7830,13 +8131,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7847,20 +8148,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-66382", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7868,17 +8169,17 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02022, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -7887,41 +8188,40 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.004129999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-66382", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://github.com/libexpat/libexpat/issues/1076", + "http://www.openwall.com/lists/oss-security/2025/12/02/1" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7929,17 +8229,17 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-66382", + "epss": 0.00014, + "percentile": 0.02022, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66382", + "cwe": "CWE-407", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -7955,21 +8255,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-66382", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -7986,10 +8286,10 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8000,37 +8300,37 @@ }, { "vulnerability": { - "id": "CVE-2025-66382", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66382", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libexpat. This vulnerability allows a denial of service (DoS) by processing a crafted file with an approximate size of 2 MiB, leading to dozens of seconds of processing time.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00013, - "percentile": 0.01611, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", "source": "cve@mitre.org", "type": "Secondary" } @@ -8040,57 +8340,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.003835 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66382", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/issues/1076", - "http://www.openwall.com/lists/oss-security/2025/12/02/1" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66382", - "epss": 0.00013, - "percentile": 0.01611, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-66382", - "cwe": "CWE-407", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", "source": "cve@mitre.org", "type": "Secondary" } @@ -8107,21 +8396,21 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66382", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8135,13 +8424,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8532,87 +8821,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.12.4.md b/docs/security/agent/grype-25.12.4.md index 332b13e..5489eec 100644 --- a/docs/security/agent/grype-25.12.4.md +++ b/docs/security/agent/grype-25.12.4.md @@ -5,14 +5,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.12.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -24,12 +25,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | util-linux-core | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-34.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -49,14 +51,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.7.1.json b/docs/security/agent/grype-25.7.1.json index b37388a..7a6226a 100644 --- a/docs/security/agent/grype-25.7.1.json +++ b/docs/security/agent/grype-25.7.1.json @@ -2,101 +2,104 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-52533", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-52533", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7, + "exploitabilityScore": 2.3, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "cve": "CVE-2024-52533", + "epss": 0.03091, + "percentile": 0.86383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-52533", + "cwe": "CWE-120", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [ - "2:4.9-15.el9" + "0:2.68.4-16.el9_6.2" ], "state": "fixed", "available": [ { - "version": "2:4.9-15.el9", - "date": "2025-11-12", + "version": "0:2.68.4-16.el9_6.2", + "date": "2025-07-16", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" + "id": "RHSA-2025:11140", + "link": "https://access.redhat.com/errata/RHSA-2025:11140" } ], - "risk": 1.6744199999999998 + "risk": 1.8546 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-52533", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-52533", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://gitlab.gnome.org/GNOME/glib/-/issues/3461", + "https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1", + "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", + "http://www.openwall.com/lists/oss-security/2024/11/12/11", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html", + "https://security.netapp.com/advisory/ntap-20241206-0009/" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "cve": "CVE-2024-52533", + "epss": 0.03091, + "percentile": 0.86383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-52533", + "cwe": "CWE-120", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -112,24 +115,24 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" + "vulnerabilityID": "CVE-2024-52533", + "versionConstraint": "< 0:2.68.4-16.el9_6.2 (rpm)" }, "fix": { - "suggestedVersion": "2:4.9-15.el9" + "suggestedVersion": "0:2.68.4-16.el9_6.2" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -143,127 +146,118 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-52533", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-52533", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7, - "exploitabilityScore": 2.3, - "impactScore": 4.8 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-52533", - "epss": 0.02743, - "percentile": 0.85518, - "date": "2025-12-22" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-52533", - "cwe": "CWE-120", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-16.el9_6.2" + "2:4.9-15.el9" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-16.el9_6.2", - "date": "2025-07-16", + "version": "2:4.9-15.el9", + "date": "2025-11-12", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:11140", - "link": "https://access.redhat.com/errata/RHSA-2025:11140" + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], - "risk": 1.6458 + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-52533", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-52533", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/3461", - "https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1", - "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", - "http://www.openwall.com/lists/oss-security/2024/11/12/11", - "https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html", - "https://security.netapp.com/advisory/ntap-20241206-0009/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-52533", - "epss": 0.02743, - "percentile": 0.85518, - "date": "2025-12-22" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-52533", - "cwe": "CWE-120", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -279,24 +273,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-52533", - "versionConstraint": "< 0:2.68.4-16.el9_6.2 (rpm)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-16.el9_6.2" + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -310,17 +304,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } @@ -350,8 +350,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -429,8 +429,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -510,95 +510,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -606,21 +623,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -634,105 +651,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -747,21 +792,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -775,28 +820,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -826,8 +871,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -882,8 +927,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -951,112 +996,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1064,21 +1092,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1092,133 +1120,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1233,21 +1233,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1261,28 +1261,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1312,8 +1312,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1486,8 +1486,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1557,8 +1557,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1660,8 +1660,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1705,8 +1705,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1800,8 +1800,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1845,8 +1845,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1940,8 +1940,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1988,8 +1988,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -2080,8 +2080,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2164,8 +2164,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2258,9 +2258,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2282,7 +2282,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -2325,9 +2325,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2401,123 +2401,120 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.067275 + "advisories": [], + "risk": 0.067405 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.2, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2532,24 +2529,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -2563,13 +2557,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2580,120 +2574,123 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2708,21 +2705,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32988", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2736,13 +2736,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2776,8 +2776,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2872,8 +2872,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2976,8 +2976,8 @@ { "cve": "CVE-2025-4373", "epss": 0.00119, - "percentile": 0.31637, - "date": "2025-12-22" + "percentile": 0.31579, + "date": "2026-01-05" } ], "cwes": [ @@ -3051,8 +3051,8 @@ { "cve": "CVE-2025-4373", "epss": 0.00119, - "percentile": 0.31637, - "date": "2025-12-22" + "percentile": 0.31579, + "date": "2026-01-05" } ], "cwes": [ @@ -3146,8 +3146,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -3218,8 +3218,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -3313,8 +3313,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3372,8 +3372,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3464,8 +3464,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3523,8 +3523,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3603,107 +3603,138 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2025-5914", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "cve": "CVE-2025-5914", + "epss": 0.00062, + "percentile": 0.1959, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-5914", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.8.3-6.el9_6.2" + "0:3.5.3-6.el9_6" ], "state": "fixed", "available": [ { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", + "version": "0:3.5.3-6.el9_6", + "date": "2025-08-21", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" + "id": "RHSA-2025:14130", + "link": "https://access.redhat.com/errata/RHSA-2025:14130" } ], - "risk": 0.044289999999999996 + "risk": 0.04588 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2025-5914", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://access.redhat.com/errata/RHSA-2025:14130", + "https://access.redhat.com/errata/RHSA-2025:14135", + "https://access.redhat.com/errata/RHSA-2025:14137", + "https://access.redhat.com/errata/RHSA-2025:14141", + "https://access.redhat.com/errata/RHSA-2025:14142", + "https://access.redhat.com/errata/RHSA-2025:14525", + "https://access.redhat.com/errata/RHSA-2025:14528", + "https://access.redhat.com/errata/RHSA-2025:14594", + "https://access.redhat.com/errata/RHSA-2025:14644", + "https://access.redhat.com/errata/RHSA-2025:14808", + "https://access.redhat.com/errata/RHSA-2025:14810", + "https://access.redhat.com/errata/RHSA-2025:14828", + "https://access.redhat.com/errata/RHSA-2025:15024", + "https://access.redhat.com/errata/RHSA-2025:15397", + "https://access.redhat.com/errata/RHSA-2025:15709", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:16524", + "https://access.redhat.com/errata/RHSA-2025:18217", + "https://access.redhat.com/errata/RHSA-2025:18218", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:19041", + "https://access.redhat.com/errata/RHSA-2025:19046", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-5914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", + "https://github.com/libarchive/libarchive/pull/2598", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "cve": "CVE-2025-5914", + "epss": 0.00062, + "percentile": 0.1959, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-5914", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3720,24 +3751,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + "vulnerabilityID": "CVE-2025-5914", + "versionConstraint": "< 0:3.5.3-6.el9_6 (rpm)" }, "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "suggestedVersion": "0:3.5.3-6.el9_6" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -3751,13 +3782,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3768,138 +3799,107 @@ }, { "vulnerability": { - "id": "CVE-2025-5914", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17115, - "date": "2025-12-22" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.5.3-6.el9_6" + "0:3.8.3-6.el9_6.2" ], "state": "fixed", "available": [ { - "version": "0:3.5.3-6.el9_6", - "date": "2025-08-21", + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:14130", - "link": "https://access.redhat.com/errata/RHSA-2025:14130" + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.03996 + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5914", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:14130", - "https://access.redhat.com/errata/RHSA-2025:14135", - "https://access.redhat.com/errata/RHSA-2025:14137", - "https://access.redhat.com/errata/RHSA-2025:14141", - "https://access.redhat.com/errata/RHSA-2025:14142", - "https://access.redhat.com/errata/RHSA-2025:14525", - "https://access.redhat.com/errata/RHSA-2025:14528", - "https://access.redhat.com/errata/RHSA-2025:14594", - "https://access.redhat.com/errata/RHSA-2025:14644", - "https://access.redhat.com/errata/RHSA-2025:14808", - "https://access.redhat.com/errata/RHSA-2025:14810", - "https://access.redhat.com/errata/RHSA-2025:14828", - "https://access.redhat.com/errata/RHSA-2025:15024", - "https://access.redhat.com/errata/RHSA-2025:15397", - "https://access.redhat.com/errata/RHSA-2025:15709", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:16524", - "https://access.redhat.com/errata/RHSA-2025:18217", - "https://access.redhat.com/errata/RHSA-2025:18218", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:19041", - "https://access.redhat.com/errata/RHSA-2025:19046", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-5914", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", - "https://github.com/libarchive/libarchive/pull/2598", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17115, - "date": "2025-12-22" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3916,24 +3916,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5914", - "versionConstraint": "< 0:3.5.3-6.el9_6 (rpm)" + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { - "suggestedVersion": "0:3.5.3-6.el9_6" + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -3947,13 +3947,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3964,80 +3964,263 @@ }, { "vulnerability": { - "id": "CVE-2025-4207", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4207", - "epss": 0.00067, - "percentile": 0.20903, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-4207", - "cwe": "CWE-126", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.036515 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4207", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-4207/", - "http://www.openwall.com/lists/oss-security/2025/05/09/3", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} - } - ], - "epss": [ + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-7.el9_3" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "45f6f999e295a17b", + "name": "sqlite-libs", + "version": "3.34.1-7.el9_3", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-7.el9_3" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4207", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4207", + "epss": 0.00067, + "percentile": 0.2095, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4207", + "cwe": "CWE-126", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.036515 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4207", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-4207/", + "http://www.openwall.com/lists/oss-security/2025/05/09/3", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html" + ], + "description": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20903, - "date": "2025-12-22" + "percentile": 0.2095, + "date": "2026-01-05" } ], "cwes": [ @@ -4128,8 +4311,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -4175,8 +4358,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -4267,8 +4450,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -4317,8 +4500,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -4386,140 +4569,87 @@ }, { "vulnerability": { - "id": "CVE-2022-29458", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:6.2-10.20210508.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:6.2-10.20210508.el9_6.2", - "date": "2025-08-06", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12876", - "link": "https://access.redhat.com/errata/RHSA-2025:12876" - } - ], - "risk": 0.03094 + "advisories": [], + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-29458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "http://seclists.org/fulldisclosure/2022/Oct/28", - "http://seclists.org/fulldisclosure/2022/Oct/41", - "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", - "https://support.apple.com/kb/HT213488" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "metrics": { - "baseScore": 5.8, - "exploitabilityScore": 8.6, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4527,7 +4657,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4535,24 +4665,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-29458", - "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:6.2-10.20210508.el9_6.2" + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -4566,25 +4693,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4594,148 +4710,132 @@ }, { "vulnerability": { - "id": "CVE-2022-29458", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", + "id": "CVE-2025-32414", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32414", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 1.5, + "impactScore": 3.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-32414", + "epss": 0.00063, + "percentile": 0.19823, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-32414", + "cwe": "CWE-393", + "source": "cve@mitre.org", + "type": "Secondary" }, { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-32414", + "cwe": "CWE-252", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:6.2-10.20210508.el9_6.2" + "0:2.9.13-12.el9_6" ], "state": "fixed", "available": [ { - "version": "0:6.2-10.20210508.el9_6.2", - "date": "2025-08-06", + "version": "0:2.9.13-12.el9_6", + "date": "2025-08-08", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12876", - "link": "https://access.redhat.com/errata/RHSA-2025:12876" + "id": "RHSA-2025:13428", + "link": "https://access.redhat.com/errata/RHSA-2025:13428" } ], - "risk": 0.03094 + "risk": 0.03339 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-29458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "id": "CVE-2025-32414", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://seclists.org/fulldisclosure/2022/Oct/28", - "http://seclists.org/fulldisclosure/2022/Oct/41", - "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", - "https://support.apple.com/kb/HT213488" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" ], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.8, - "exploitabilityScore": 8.6, - "impactScore": 5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 5.6, + "exploitabilityScore": 1.5, + "impactScore": 3.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-32414", + "epss": 0.00063, + "percentile": 0.19823, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-32414", + "cwe": "CWE-393", + "source": "cve@mitre.org", + "type": "Secondary" }, { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-32414", + "cwe": "CWE-252", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4743,24 +4843,24 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-29458", - "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" + "vulnerabilityID": "CVE-2025-32414", + "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" }, "fix": { - "suggestedVersion": "0:6.2-10.20210508.el9_6.2" + "suggestedVersion": "0:2.9.13-12.el9_6" } } ], "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -4777,22 +4877,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4802,20 +4891,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4823,18 +4912,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4842,48 +4931,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4898,21 +4986,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4926,13 +5014,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4966,8 +5054,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -5014,8 +5102,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -5030,7 +5118,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5039,7 +5127,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -5050,8 +5138,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -5069,11 +5157,22 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5083,39 +5182,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -5123,28 +5214,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5152,18 +5246,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -5178,21 +5264,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "f866293dd48b75b0", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -5206,23 +5292,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -5234,116 +5320,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.2 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -5358,24 +5402,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - }, + "name": "ncurses", + "version": "6.2-10.20210508.el9" + }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "45f6f999e295a17b", - "name": "sqlite-libs", - "version": "3.34.1-7.el9_3", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -5389,23 +5430,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-7.el9_3" + "name": "ncurses", + "version": "6.2-10.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -5417,81 +5458,142 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-7425", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08162, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-11.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-11.el9_6", + "date": "2025-08-01", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2025:12447", + "link": "https://access.redhat.com/errata/RHSA-2025:12447" + } + ], + "risk": 0.022949999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-7425", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/errata/RHSA-2025:12447", + "https://access.redhat.com/errata/RHSA-2025:12450", + "https://access.redhat.com/errata/RHSA-2025:13267", + "https://access.redhat.com/errata/RHSA-2025:13308", + "https://access.redhat.com/errata/RHSA-2025:13309", + "https://access.redhat.com/errata/RHSA-2025:13310", + "https://access.redhat.com/errata/RHSA-2025:13311", + "https://access.redhat.com/errata/RHSA-2025:13312", + "https://access.redhat.com/errata/RHSA-2025:13313", + "https://access.redhat.com/errata/RHSA-2025:13314", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:13464", + "https://access.redhat.com/errata/RHSA-2025:13622", + "https://access.redhat.com/errata/RHSA-2025:14059", + "https://access.redhat.com/errata/RHSA-2025:14396", + "https://access.redhat.com/errata/RHSA-2025:14818", + "https://access.redhat.com/errata/RHSA-2025:14819", + "https://access.redhat.com/errata/RHSA-2025:14853", + "https://access.redhat.com/errata/RHSA-2025:14858", + "https://access.redhat.com/errata/RHSA-2025:15308", + "https://access.redhat.com/errata/RHSA-2025:15672", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-7425", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", + "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", + "http://seclists.org/fulldisclosure/2025/Aug/0", + "http://seclists.org/fulldisclosure/2025/Jul/30", + "http://seclists.org/fulldisclosure/2025/Jul/32", + "http://seclists.org/fulldisclosure/2025/Jul/35", + "http://seclists.org/fulldisclosure/2025/Jul/37", + "http://www.openwall.com/lists/oss-security/2025/07/11/2", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08162, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5499,21 +5601,24 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-7425", + "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-11.el9_6" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -5530,22 +5635,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5555,12 +5649,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5576,10 +5670,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10659, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5587,25 +5689,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -5619,17 +5718,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10659, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5637,21 +5744,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -5665,25 +5772,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5693,142 +5789,107 @@ }, { "vulnerability": { - "id": "CVE-2025-7425", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.0003, - "percentile": 0.08096, - "date": "2025-12-22" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-11.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-11.el9_6", - "date": "2025-08-01", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12447", - "link": "https://access.redhat.com/errata/RHSA-2025:12447" - } - ], - "risk": 0.022949999999999998 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7425", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:12447", - "https://access.redhat.com/errata/RHSA-2025:12450", - "https://access.redhat.com/errata/RHSA-2025:13267", - "https://access.redhat.com/errata/RHSA-2025:13308", - "https://access.redhat.com/errata/RHSA-2025:13309", - "https://access.redhat.com/errata/RHSA-2025:13310", - "https://access.redhat.com/errata/RHSA-2025:13311", - "https://access.redhat.com/errata/RHSA-2025:13312", - "https://access.redhat.com/errata/RHSA-2025:13313", - "https://access.redhat.com/errata/RHSA-2025:13314", - "https://access.redhat.com/errata/RHSA-2025:13335", - "https://access.redhat.com/errata/RHSA-2025:13464", - "https://access.redhat.com/errata/RHSA-2025:13622", - "https://access.redhat.com/errata/RHSA-2025:14059", - "https://access.redhat.com/errata/RHSA-2025:14396", - "https://access.redhat.com/errata/RHSA-2025:14818", - "https://access.redhat.com/errata/RHSA-2025:14819", - "https://access.redhat.com/errata/RHSA-2025:14853", - "https://access.redhat.com/errata/RHSA-2025:14858", - "https://access.redhat.com/errata/RHSA-2025:15308", - "https://access.redhat.com/errata/RHSA-2025:15672", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-7425", - "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", - "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", - "http://seclists.org/fulldisclosure/2025/Aug/0", - "http://seclists.org/fulldisclosure/2025/Jul/30", - "http://seclists.org/fulldisclosure/2025/Jul/32", - "http://seclists.org/fulldisclosure/2025/Jul/35", - "http://seclists.org/fulldisclosure/2025/Jul/37", - "http://www.openwall.com/lists/oss-security/2025/07/11/2", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.0003, - "percentile": 0.08096, - "date": "2025-12-22" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5836,24 +5897,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7425", - "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-11.el9_6" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -5867,14 +5925,19 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5884,20 +5947,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5905,17 +5968,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -5924,46 +5987,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" - } + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" + } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -5971,7 +6047,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5979,21 +6055,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6007,14 +6083,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6024,70 +6105,93 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:6.2-10.20210508.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:6.2-10.20210508.el9_6.2", + "date": "2025-08-06", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:12876", + "link": "https://access.redhat.com/errata/RHSA-2025:12876" + } + ], + "risk": 0.020475 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://support.apple.com/kb/HT213488" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 7.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -6095,29 +6199,47 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "metrics": { - "baseScore": 4.3, + "baseScore": 5.8, "exploitabilityScore": 8.6, - "impactScore": 2.9 + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6132,21 +6254,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2022-29458", + "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:6.2-10.20210508.el9_6.2" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "f866293dd48b75b0", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -6160,17 +6285,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -6182,70 +6313,93 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:6.2-10.20210508.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:6.2-10.20210508.el9_6.2", + "date": "2025-08-06", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:12876", + "link": "https://access.redhat.com/errata/RHSA-2025:12876" + } + ], + "risk": 0.020475 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://support.apple.com/kb/HT213488" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 7.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -6253,219 +6407,54 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "metrics": { - "baseScore": 4.3, + "baseScore": 5.8, "exploitabilityScore": 8.6, - "impactScore": 2.9 + "impactScore": 5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-32414", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32414", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.5, - "impactScore": 3.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32414", - "epss": 0.0004, - "percentile": 0.12058, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32414", - "cwe": "CWE-393", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-32414", - "cwe": "CWE-252", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.9.13-12.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-12.el9_6", - "date": "2025-08-08", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:13428", - "link": "https://access.redhat.com/errata/RHSA-2025:13428" - } - ], - "risk": 0.021200000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32414", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" - ], - "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.5, - "impactScore": 3.8 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32414", - "epss": 0.0004, - "percentile": 0.12058, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32414", - "cwe": "CWE-393", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-32414", - "cwe": "CWE-252", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6473,24 +6462,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32414", - "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + "vulnerabilityID": "CVE-2022-29458", + "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-12.el9_6" + "suggestedVersion": "0:6.2-10.20210508.el9_6.2" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -6507,11 +6496,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6543,9 +6543,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -6575,7 +6575,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -6618,9 +6618,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -6702,23 +6702,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-32415", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6726,26 +6723,210 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "cve": "CVE-2025-32415", + "epss": 0.0003, + "percentile": 0.08065, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 + "versions": [ + "0:2.9.13-12.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-12.el9_6", + "date": "2025-08-08", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:13428", + "link": "https://access.redhat.com/errata/RHSA-2025:13428" + } + ], + "risk": 0.01875 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-32415", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + ], + "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32415", + "epss": 0.0003, + "percentile": 0.08065, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-32415", + "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-12.el9_6" + } + } + ], + "artifact": { + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -6797,122 +6978,108 @@ }, { "vulnerability": { - "id": "CVE-2025-32415", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05927, - "date": "2025-12-22" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-32415", + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-12.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-12.el9_6", - "date": "2025-08-08", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:13428", - "link": "https://access.redhat.com/errata/RHSA-2025:13428" - } - ], - "risk": 0.015000000000000001 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32415", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05927, - "date": "2025-12-22" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-32415", + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -6930,24 +7097,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32415", - "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-12.el9_6" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6961,13 +7125,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6978,45 +7142,169 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9" + }, + "namespace": "redhat:distro:redhat:9" }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", + "type": "rpm", + "locations": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:9f0b79be8c39d3327229ddefe91179edad3699b9049708d43623f4203b3b67fb", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -7024,72 +7312,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7097,21 +7362,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -7125,14 +7390,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7165,8 +7441,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7241,8 +7517,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7342,8 +7618,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7418,8 +7694,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7530,8 +7806,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -7604,8 +7880,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -7676,31 +7952,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7708,48 +7992,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7757,21 +8053,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7785,25 +8081,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7813,31 +8098,134 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.7.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "12750b0154864a80", + "name": "fluent-bit", + "version": "25.7.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:b5cacb7493b82207944416629028f215df554c7ef8d27bea457ac23f17a089ae", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.7.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7845,48 +8233,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7894,21 +8290,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -7922,25 +8318,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7973,8 +8358,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -8027,8 +8412,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -8102,134 +8487,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.7.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "12750b0154864a80", - "name": "fluent-bit", - "version": "25.7.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:b5cacb7493b82207944416629028f215df554c7ef8d27bea457ac23f17a089ae", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.7.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -8237,49 +8527,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -8294,21 +8596,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -8322,13 +8624,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8362,8 +8664,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8404,8 +8706,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -8499,8 +8801,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8541,8 +8843,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -8613,101 +8915,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -8722,21 +9023,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "da5839ff511a0a9f", + "name": "glibc", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -8750,13 +9054,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8767,91 +9071,99 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008539999999999999 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8859,7 +9171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8867,21 +9179,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "74f56e50def25fa2", + "name": "glibc-common", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -8895,108 +9210,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.20" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008539999999999999 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9012,21 +9346,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "dd1fd0cf3974da95", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9040,120 +9377,131 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9169,21 +9517,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b930958ae5e6f15d", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9197,23 +9548,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", @@ -9225,110 +9580,100 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.00824 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9350,7 +9695,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -9389,38 +9734,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9429,60 +9774,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9498,21 +9834,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9526,116 +9862,108 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9643,7 +9971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9651,24 +9979,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.20" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da5839ff511a0a9f", - "name": "glibc", - "version": "2.34-168.el9_6.20", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9682,116 +10007,120 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9807,24 +10136,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f56e50def25fa2", - "name": "glibc-common", - "version": "2.34-168.el9_6.20", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9838,23 +10164,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9866,99 +10192,110 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9966,7 +10303,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9974,24 +10311,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dd1fd0cf3974da95", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.20", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -10005,29 +10339,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.20" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10037,100 +10356,87 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10145,24 +10451,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b930958ae5e6f15d", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.20", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -10176,27 +10479,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -10231,8 +10524,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10279,8 +10572,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10315,8 +10608,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10334,10 +10627,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10376,8 +10669,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10424,8 +10717,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10460,8 +10753,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10479,10 +10772,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10521,8 +10814,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10569,8 +10862,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10605,8 +10898,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10621,13 +10914,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10643,36 +10936,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -10683,44 +10976,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -10730,7 +11037,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10738,21 +11045,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -10769,16 +11076,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10811,8 +11113,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -10872,8 +11174,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -10964,8 +11266,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -11032,8 +11334,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -11118,39 +11420,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -11158,31 +11460,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11190,29 +11492,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -11233,7 +11535,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -11295,8 +11597,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -11365,8 +11667,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -11440,20 +11742,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11461,16 +11763,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -11480,31 +11782,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -11512,10 +11813,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11523,16 +11824,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -11549,21 +11850,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -11577,13 +11878,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11594,38 +11895,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -11634,59 +11935,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11702,21 +11991,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11730,13 +12019,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12098,87 +12387,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.7.1.md b/docs/security/agent/grype-25.7.1.md index 8e8a828..fc2fc47 100644 --- a/docs/security/agent/grype-25.7.1.md +++ b/docs/security/agent/grype-25.7.1.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914) | High | | sqlite-libs | 3.34.1-7.el9_3 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-7425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7425) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9 | [CVE-2024-52533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52533) | Medium | | glib2 | 2.68.4-16.el9 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | @@ -17,38 +18,39 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | | libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | | libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| glib2 | 2.68.4-16.el9 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414) | Medium | +| glib2 | 2.68.4-16.el9 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.7.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415) | Medium | +| fluent-bit | 25.7.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.7.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glibc | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | glibc-common | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | glibc-langpack-en | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -59,8 +61,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | libxml2 | 2.9.13-10.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| ncurses-base | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | -| ncurses-libs | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | | glib2 | 2.68.4-16.el9 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -68,15 +68,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | ncurses-libs | 6.2-10.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| ncurses-base | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | +| ncurses-libs | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-7.el9_3 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.7.2.json b/docs/security/agent/grype-25.7.2.json index 2f82089..3497b06 100644 --- a/docs/security/agent/grype-25.7.2.json +++ b/docs/security/agent/grype-25.7.2.json @@ -2,101 +2,104 @@ "matches": [ { "vulnerability": { - "id": "CVE-2024-56433", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", + "id": "CVE-2024-52533", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-52533", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", + "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 7, + "exploitabilityScore": 2.3, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "cve": "CVE-2024-52533", + "epss": 0.03091, + "percentile": 0.86383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-52533", + "cwe": "CWE-120", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [ - "2:4.9-15.el9" + "0:2.68.4-16.el9_6.2" ], "state": "fixed", "available": [ { - "version": "2:4.9-15.el9", - "date": "2025-11-12", + "version": "0:2.68.4-16.el9_6.2", + "date": "2025-07-16", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:20559", - "link": "https://access.redhat.com/errata/RHSA-2025:20559" + "id": "RHSA-2025:11140", + "link": "https://access.redhat.com/errata/RHSA-2025:11140" } ], - "risk": 1.6744199999999998 + "risk": 1.8546 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-56433", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", + "id": "CVE-2024-52533", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-52533", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Critical", "urls": [ - "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", - "https://github.com/shadow-maint/shadow/issues/1157", - "https://github.com/shadow-maint/shadow/releases/tag/4.4" + "https://gitlab.gnome.org/GNOME/glib/-/issues/3461", + "https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1", + "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", + "http://www.openwall.com/lists/oss-security/2024/11/12/11", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html", + "https://security.netapp.com/advisory/ntap-20241206-0009/" ], - "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", + "description": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.6, - "exploitabilityScore": 1.1, - "impactScore": 2.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-56433", - "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "cve": "CVE-2024-52533", + "epss": 0.03091, + "percentile": 0.86383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-56433", - "cwe": "CWE-1188", - "source": "cve@mitre.org", + "cve": "CVE-2024-52533", + "cwe": "CWE-120", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -112,24 +115,24 @@ "version": "9.6" }, "package": { - "name": "shadow-utils", - "version": "2:4.9-12.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-56433", - "versionConstraint": "< 2:4.9-15.el9 (rpm)" + "vulnerabilityID": "CVE-2024-52533", + "versionConstraint": "< 0:2.68.4-16.el9_6.2 (rpm)" }, "fix": { - "suggestedVersion": "2:4.9-15.el9" + "suggestedVersion": "0:2.68.4-16.el9_6.2" } } ], "artifact": { - "id": "a13525dc6156c86d", - "name": "shadow-utils", - "version": "2:4.9-12.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -143,127 +146,118 @@ ], "language": "", "licenses": [ - "BSD and GPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 2, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-52533", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-52533", + "id": "CVE-2024-56433", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-56433", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", + "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 7, - "exploitabilityScore": 2.3, - "impactScore": 4.8 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-52533", - "epss": 0.02743, - "percentile": 0.85518, - "date": "2025-12-22" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-52533", - "cwe": "CWE-120", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.68.4-16.el9_6.2" + "2:4.9-15.el9" ], "state": "fixed", "available": [ { - "version": "0:2.68.4-16.el9_6.2", - "date": "2025-07-16", + "version": "2:4.9-15.el9", + "date": "2025-11-12", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:11140", - "link": "https://access.redhat.com/errata/RHSA-2025:11140" + "id": "RHSA-2025:20559", + "link": "https://access.redhat.com/errata/RHSA-2025:20559" } ], - "risk": 1.6458 + "risk": 1.6744199999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-52533", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-52533", + "id": "CVE-2024-56433", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/3461", - "https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1", - "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", - "http://www.openwall.com/lists/oss-security/2024/11/12/11", - "https://lists.debian.org/debian-lts-announce/2024/11/msg00020.html", - "https://security.netapp.com/advisory/ntap-20241206-0009/" + "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241", + "https://github.com/shadow-maint/shadow/issues/1157", + "https://github.com/shadow-maint/shadow/releases/tag/4.4" ], - "description": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character.", + "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 3.6, + "exploitabilityScore": 1.1, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-52533", - "epss": 0.02743, - "percentile": 0.85518, - "date": "2025-12-22" + "cve": "CVE-2024-56433", + "epss": 0.05074, + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-52533", - "cwe": "CWE-120", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2024-56433", + "cwe": "CWE-1188", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -279,24 +273,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "shadow-utils", + "version": "2:4.9-12.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-52533", - "versionConstraint": "< 0:2.68.4-16.el9_6.2 (rpm)" + "vulnerabilityID": "CVE-2024-56433", + "versionConstraint": "< 2:4.9-15.el9 (rpm)" }, "fix": { - "suggestedVersion": "0:2.68.4-16.el9_6.2" + "suggestedVersion": "2:4.9-15.el9" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "a13525dc6156c86d", + "name": "shadow-utils", + "version": "2:4.9-12.el9", "type": "rpm", "locations": [ { @@ -310,17 +304,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD and GPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:shadow-utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow-utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow_utils:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow-utils:2\\:4.9-12.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:shadow:shadow_utils:2\\:4.9-12.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "purl": "pkg:rpm/redhat/shadow-utils@4.9-12.el9?arch=x86_64&distro=rhel-9.6&epoch=2&upstream=shadow-utils-4.9-12.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 2, "modularityLabel": "" } } @@ -350,8 +350,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -429,8 +429,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -510,95 +510,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -606,21 +623,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -634,105 +651,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -747,21 +792,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -775,28 +820,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -826,8 +871,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -882,8 +927,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -951,112 +996,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -1064,21 +1092,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1092,133 +1120,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1233,21 +1233,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1261,28 +1261,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1312,8 +1312,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1383,8 +1383,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1486,8 +1486,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1557,8 +1557,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1660,8 +1660,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1705,8 +1705,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1800,8 +1800,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1845,8 +1845,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1940,8 +1940,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1988,8 +1988,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -2080,8 +2080,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2164,8 +2164,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2258,9 +2258,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2282,7 +2282,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -2325,9 +2325,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2401,123 +2401,120 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.067275 + "advisories": [], + "risk": 0.067405 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.2, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2532,24 +2529,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -2563,13 +2557,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2580,120 +2574,123 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2708,21 +2705,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32988", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2736,13 +2736,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2776,8 +2776,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2872,8 +2872,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2976,8 +2976,8 @@ { "cve": "CVE-2025-4373", "epss": 0.00119, - "percentile": 0.31637, - "date": "2025-12-22" + "percentile": 0.31579, + "date": "2026-01-05" } ], "cwes": [ @@ -3051,8 +3051,8 @@ { "cve": "CVE-2025-4373", "epss": 0.00119, - "percentile": 0.31637, - "date": "2025-12-22" + "percentile": 0.31579, + "date": "2026-01-05" } ], "cwes": [ @@ -3146,8 +3146,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -3218,8 +3218,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -3313,8 +3313,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3372,8 +3372,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3464,8 +3464,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3523,8 +3523,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3603,107 +3603,138 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2025-5914", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "cve": "CVE-2025-5914", + "epss": 0.00062, + "percentile": 0.1959, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-5914", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.8.3-6.el9_6.2" + "0:3.5.3-6.el9_6" ], "state": "fixed", "available": [ { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", + "version": "0:3.5.3-6.el9_6", + "date": "2025-08-21", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" + "id": "RHSA-2025:14130", + "link": "https://access.redhat.com/errata/RHSA-2025:14130" } ], - "risk": 0.044289999999999996 + "risk": 0.04588 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2025-5914", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://access.redhat.com/errata/RHSA-2025:14130", + "https://access.redhat.com/errata/RHSA-2025:14135", + "https://access.redhat.com/errata/RHSA-2025:14137", + "https://access.redhat.com/errata/RHSA-2025:14141", + "https://access.redhat.com/errata/RHSA-2025:14142", + "https://access.redhat.com/errata/RHSA-2025:14525", + "https://access.redhat.com/errata/RHSA-2025:14528", + "https://access.redhat.com/errata/RHSA-2025:14594", + "https://access.redhat.com/errata/RHSA-2025:14644", + "https://access.redhat.com/errata/RHSA-2025:14808", + "https://access.redhat.com/errata/RHSA-2025:14810", + "https://access.redhat.com/errata/RHSA-2025:14828", + "https://access.redhat.com/errata/RHSA-2025:15024", + "https://access.redhat.com/errata/RHSA-2025:15397", + "https://access.redhat.com/errata/RHSA-2025:15709", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:16524", + "https://access.redhat.com/errata/RHSA-2025:18217", + "https://access.redhat.com/errata/RHSA-2025:18218", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:19041", + "https://access.redhat.com/errata/RHSA-2025:19046", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-5914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", + "https://github.com/libarchive/libarchive/pull/2598", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "cve": "CVE-2025-5914", + "epss": 0.00062, + "percentile": 0.1959, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-5914", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3720,24 +3751,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + "vulnerabilityID": "CVE-2025-5914", + "versionConstraint": "< 0:3.5.3-6.el9_6 (rpm)" }, "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "suggestedVersion": "0:3.5.3-6.el9_6" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -3751,13 +3782,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3768,138 +3799,107 @@ }, { "vulnerability": { - "id": "CVE-2025-5914", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17115, - "date": "2025-12-22" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.5.3-6.el9_6" + "0:3.8.3-6.el9_6.2" ], "state": "fixed", "available": [ { - "version": "0:3.5.3-6.el9_6", - "date": "2025-08-21", + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:14130", - "link": "https://access.redhat.com/errata/RHSA-2025:14130" + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.03996 + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5914", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:14130", - "https://access.redhat.com/errata/RHSA-2025:14135", - "https://access.redhat.com/errata/RHSA-2025:14137", - "https://access.redhat.com/errata/RHSA-2025:14141", - "https://access.redhat.com/errata/RHSA-2025:14142", - "https://access.redhat.com/errata/RHSA-2025:14525", - "https://access.redhat.com/errata/RHSA-2025:14528", - "https://access.redhat.com/errata/RHSA-2025:14594", - "https://access.redhat.com/errata/RHSA-2025:14644", - "https://access.redhat.com/errata/RHSA-2025:14808", - "https://access.redhat.com/errata/RHSA-2025:14810", - "https://access.redhat.com/errata/RHSA-2025:14828", - "https://access.redhat.com/errata/RHSA-2025:15024", - "https://access.redhat.com/errata/RHSA-2025:15397", - "https://access.redhat.com/errata/RHSA-2025:15709", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:16524", - "https://access.redhat.com/errata/RHSA-2025:18217", - "https://access.redhat.com/errata/RHSA-2025:18218", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:19041", - "https://access.redhat.com/errata/RHSA-2025:19046", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-5914", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", - "https://github.com/libarchive/libarchive/pull/2598", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17115, - "date": "2025-12-22" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3916,24 +3916,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5914", - "versionConstraint": "< 0:3.5.3-6.el9_6 (rpm)" + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { - "suggestedVersion": "0:3.5.3-6.el9_6" + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -3947,13 +3947,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3964,80 +3964,263 @@ }, { "vulnerability": { - "id": "CVE-2025-4207", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4207", - "epss": 0.00067, - "percentile": 0.20903, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-4207", - "cwe": "CWE-126", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.036515 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4207", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-4207/", - "http://www.openwall.com/lists/oss-security/2025/05/09/3", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, "vendorMetadata": {} - } - ], - "epss": [ + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-7.el9_3" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "45f6f999e295a17b", + "name": "sqlite-libs", + "version": "3.34.1-7.el9_3", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-7.el9_3" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4207", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4207", + "epss": 0.00067, + "percentile": 0.2095, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4207", + "cwe": "CWE-126", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.036515 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4207", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-4207/", + "http://www.openwall.com/lists/oss-security/2025/05/09/3", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html" + ], + "description": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20903, - "date": "2025-12-22" + "percentile": 0.2095, + "date": "2026-01-05" } ], "cwes": [ @@ -4128,8 +4311,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -4175,8 +4358,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -4267,8 +4450,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -4317,8 +4500,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -4386,140 +4569,87 @@ }, { "vulnerability": { - "id": "CVE-2022-29458", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:6.2-10.20210508.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:6.2-10.20210508.el9_6.2", - "date": "2025-08-06", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12876", - "link": "https://access.redhat.com/errata/RHSA-2025:12876" - } - ], - "risk": 0.03094 + "advisories": [], + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-29458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "http://seclists.org/fulldisclosure/2022/Oct/28", - "http://seclists.org/fulldisclosure/2022/Oct/41", - "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", - "https://support.apple.com/kb/HT213488" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "metrics": { - "baseScore": 5.8, - "exploitabilityScore": 8.6, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4527,7 +4657,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4535,24 +4665,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-29458", - "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:6.2-10.20210508.el9_6.2" + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -4566,25 +4693,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4594,148 +4710,132 @@ }, { "vulnerability": { - "id": "CVE-2022-29458", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", + "id": "CVE-2025-32414", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32414", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 1.5, + "impactScore": 3.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-32414", + "epss": 0.00063, + "percentile": 0.19823, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-32414", + "cwe": "CWE-393", + "source": "cve@mitre.org", + "type": "Secondary" }, { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-32414", + "cwe": "CWE-252", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:6.2-10.20210508.el9_6.2" + "0:2.9.13-12.el9_6" ], "state": "fixed", "available": [ { - "version": "0:6.2-10.20210508.el9_6.2", - "date": "2025-08-06", + "version": "0:2.9.13-12.el9_6", + "date": "2025-08-08", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12876", - "link": "https://access.redhat.com/errata/RHSA-2025:12876" + "id": "RHSA-2025:13428", + "link": "https://access.redhat.com/errata/RHSA-2025:13428" } ], - "risk": 0.03094 + "risk": 0.03339 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-29458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "id": "CVE-2025-32414", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://seclists.org/fulldisclosure/2022/Oct/28", - "http://seclists.org/fulldisclosure/2022/Oct/41", - "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", - "https://support.apple.com/kb/HT213488" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" ], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.8, - "exploitabilityScore": 8.6, - "impactScore": 5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 5.6, + "exploitabilityScore": 1.5, + "impactScore": 3.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-32414", + "epss": 0.00063, + "percentile": 0.19823, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-32414", + "cwe": "CWE-393", + "source": "cve@mitre.org", + "type": "Secondary" }, { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-32414", + "cwe": "CWE-252", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4743,24 +4843,24 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-29458", - "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" + "vulnerabilityID": "CVE-2025-32414", + "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" }, "fix": { - "suggestedVersion": "0:6.2-10.20210508.el9_6.2" + "suggestedVersion": "0:2.9.13-12.el9_6" } } ], "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -4777,22 +4877,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4802,20 +4891,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4823,18 +4912,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4842,48 +4931,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4898,21 +4986,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4926,13 +5014,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4966,8 +5054,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -5014,8 +5102,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -5030,7 +5118,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5039,7 +5127,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -5050,8 +5138,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -5069,11 +5157,22 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5083,39 +5182,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -5123,28 +5214,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5152,18 +5246,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -5178,21 +5264,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "f866293dd48b75b0", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -5206,23 +5292,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -5234,116 +5320,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.2 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -5358,24 +5402,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-7.el9_3" - }, + "name": "ncurses", + "version": "6.2-10.20210508.el9" + }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "45f6f999e295a17b", - "name": "sqlite-libs", - "version": "3.34.1-7.el9_3", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -5389,23 +5430,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-7.el9_3" + "name": "ncurses", + "version": "6.2-10.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -5417,81 +5458,142 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-7425", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08162, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-11.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-11.el9_6", + "date": "2025-08-01", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2025:12447", + "link": "https://access.redhat.com/errata/RHSA-2025:12447" + } + ], + "risk": 0.022949999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-7425", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/errata/RHSA-2025:12447", + "https://access.redhat.com/errata/RHSA-2025:12450", + "https://access.redhat.com/errata/RHSA-2025:13267", + "https://access.redhat.com/errata/RHSA-2025:13308", + "https://access.redhat.com/errata/RHSA-2025:13309", + "https://access.redhat.com/errata/RHSA-2025:13310", + "https://access.redhat.com/errata/RHSA-2025:13311", + "https://access.redhat.com/errata/RHSA-2025:13312", + "https://access.redhat.com/errata/RHSA-2025:13313", + "https://access.redhat.com/errata/RHSA-2025:13314", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:13464", + "https://access.redhat.com/errata/RHSA-2025:13622", + "https://access.redhat.com/errata/RHSA-2025:14059", + "https://access.redhat.com/errata/RHSA-2025:14396", + "https://access.redhat.com/errata/RHSA-2025:14818", + "https://access.redhat.com/errata/RHSA-2025:14819", + "https://access.redhat.com/errata/RHSA-2025:14853", + "https://access.redhat.com/errata/RHSA-2025:14858", + "https://access.redhat.com/errata/RHSA-2025:15308", + "https://access.redhat.com/errata/RHSA-2025:15672", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-7425", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", + "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", + "http://seclists.org/fulldisclosure/2025/Aug/0", + "http://seclists.org/fulldisclosure/2025/Jul/30", + "http://seclists.org/fulldisclosure/2025/Jul/32", + "http://seclists.org/fulldisclosure/2025/Jul/35", + "http://seclists.org/fulldisclosure/2025/Jul/37", + "http://www.openwall.com/lists/oss-security/2025/07/11/2", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08162, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5499,21 +5601,24 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-7425", + "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-11.el9_6" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -5530,22 +5635,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5555,12 +5649,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5576,10 +5670,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10659, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5587,25 +5689,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -5619,17 +5718,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10659, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5637,21 +5744,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -5665,25 +5772,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5693,142 +5789,107 @@ }, { "vulnerability": { - "id": "CVE-2025-7425", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.0003, - "percentile": 0.08096, - "date": "2025-12-22" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-11.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-11.el9_6", - "date": "2025-08-01", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12447", - "link": "https://access.redhat.com/errata/RHSA-2025:12447" - } - ], - "risk": 0.022949999999999998 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7425", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:12447", - "https://access.redhat.com/errata/RHSA-2025:12450", - "https://access.redhat.com/errata/RHSA-2025:13267", - "https://access.redhat.com/errata/RHSA-2025:13308", - "https://access.redhat.com/errata/RHSA-2025:13309", - "https://access.redhat.com/errata/RHSA-2025:13310", - "https://access.redhat.com/errata/RHSA-2025:13311", - "https://access.redhat.com/errata/RHSA-2025:13312", - "https://access.redhat.com/errata/RHSA-2025:13313", - "https://access.redhat.com/errata/RHSA-2025:13314", - "https://access.redhat.com/errata/RHSA-2025:13335", - "https://access.redhat.com/errata/RHSA-2025:13464", - "https://access.redhat.com/errata/RHSA-2025:13622", - "https://access.redhat.com/errata/RHSA-2025:14059", - "https://access.redhat.com/errata/RHSA-2025:14396", - "https://access.redhat.com/errata/RHSA-2025:14818", - "https://access.redhat.com/errata/RHSA-2025:14819", - "https://access.redhat.com/errata/RHSA-2025:14853", - "https://access.redhat.com/errata/RHSA-2025:14858", - "https://access.redhat.com/errata/RHSA-2025:15308", - "https://access.redhat.com/errata/RHSA-2025:15672", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-7425", - "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", - "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", - "http://seclists.org/fulldisclosure/2025/Aug/0", - "http://seclists.org/fulldisclosure/2025/Jul/30", - "http://seclists.org/fulldisclosure/2025/Jul/32", - "http://seclists.org/fulldisclosure/2025/Jul/35", - "http://seclists.org/fulldisclosure/2025/Jul/37", - "http://www.openwall.com/lists/oss-security/2025/07/11/2", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.0003, - "percentile": 0.08096, - "date": "2025-12-22" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5836,24 +5897,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7425", - "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-11.el9_6" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -5867,14 +5925,19 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5884,20 +5947,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5905,17 +5968,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -5924,46 +5987,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" - } + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" + } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -5971,7 +6047,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5979,21 +6055,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -6007,14 +6083,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6024,70 +6105,93 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:6.2-10.20210508.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:6.2-10.20210508.el9_6.2", + "date": "2025-08-06", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:12876", + "link": "https://access.redhat.com/errata/RHSA-2025:12876" + } + ], + "risk": 0.020475 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://support.apple.com/kb/HT213488" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 7.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -6095,29 +6199,47 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "metrics": { - "baseScore": 4.3, + "baseScore": 5.8, "exploitabilityScore": 8.6, - "impactScore": 2.9 + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -6132,21 +6254,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2022-29458", + "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:6.2-10.20210508.el9_6.2" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "f866293dd48b75b0", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -6160,17 +6285,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -6182,70 +6313,93 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:6.2-10.20210508.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:6.2-10.20210508.el9_6.2", + "date": "2025-08-06", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:12876", + "link": "https://access.redhat.com/errata/RHSA-2025:12876" + } + ], + "risk": 0.020475 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://support.apple.com/kb/HT213488" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 7.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -6253,219 +6407,54 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "metrics": { - "baseScore": 4.3, + "baseScore": 5.8, "exploitabilityScore": 8.6, - "impactScore": 2.9 + "impactScore": 5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-32414", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32414", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.5, - "impactScore": 3.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32414", - "epss": 0.0004, - "percentile": 0.12058, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32414", - "cwe": "CWE-393", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-32414", - "cwe": "CWE-252", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.9.13-12.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-12.el9_6", - "date": "2025-08-08", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:13428", - "link": "https://access.redhat.com/errata/RHSA-2025:13428" - } - ], - "risk": 0.021200000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32414", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" - ], - "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.5, - "impactScore": 3.8 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32414", - "epss": 0.0004, - "percentile": 0.12058, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32414", - "cwe": "CWE-393", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-32414", - "cwe": "CWE-252", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6473,24 +6462,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32414", - "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + "vulnerabilityID": "CVE-2022-29458", + "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-12.el9_6" + "suggestedVersion": "0:6.2-10.20210508.el9_6.2" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -6507,11 +6496,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6543,9 +6543,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -6575,7 +6575,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -6618,9 +6618,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -6702,23 +6702,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-32415", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6726,26 +6723,210 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "cve": "CVE-2025-32415", + "epss": 0.0003, + "percentile": 0.08065, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 + "versions": [ + "0:2.9.13-12.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-12.el9_6", + "date": "2025-08-08", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:13428", + "link": "https://access.redhat.com/errata/RHSA-2025:13428" + } + ], + "risk": 0.01875 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-32415", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + ], + "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32415", + "epss": 0.0003, + "percentile": 0.08065, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-32415", + "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-12.el9_6" + } + } + ], + "artifact": { + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -6797,122 +6978,108 @@ }, { "vulnerability": { - "id": "CVE-2025-32415", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05927, - "date": "2025-12-22" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-32415", + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-12.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-12.el9_6", - "date": "2025-08-08", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:13428", - "link": "https://access.redhat.com/errata/RHSA-2025:13428" - } - ], - "risk": 0.015000000000000001 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32415", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05927, - "date": "2025-12-22" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-32415", + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -6930,24 +7097,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32415", - "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-12.el9_6" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6961,13 +7125,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6978,45 +7142,169 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9" + }, + "namespace": "redhat:distro:redhat:9" }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", + "type": "rpm", + "locations": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ae5872a20ea86e6a5ad9645ef9a8b10c3a72f912eda3ccbf7db35c7bfa34be38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -7024,72 +7312,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7097,21 +7362,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -7125,14 +7390,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7165,8 +7441,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7241,8 +7517,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7342,8 +7618,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7418,8 +7694,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7530,8 +7806,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -7604,8 +7880,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -7676,31 +7952,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7708,48 +7992,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7757,21 +8053,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7785,25 +8081,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7813,31 +8098,134 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.7.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "81feab72b50320e0", + "name": "fluent-bit", + "version": "25.7.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a10dbebc70bd7f098e375ba140477f1175d2fbeb366497ebe6a35b482a49989b", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.7.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7845,48 +8233,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7894,21 +8290,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "04574712e6ead30e", + "name": "glib2", + "version": "2.68.4-16.el9", "type": "rpm", "locations": [ { @@ -7922,25 +8318,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7973,8 +8358,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -8027,8 +8412,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -8102,134 +8487,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.7.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "81feab72b50320e0", - "name": "fluent-bit", - "version": "25.7.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a10dbebc70bd7f098e375ba140477f1175d2fbeb366497ebe6a35b482a49989b", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.7.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -8237,49 +8527,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -8294,21 +8596,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04574712e6ead30e", - "name": "glib2", - "version": "2.68.4-16.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -8322,13 +8624,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8362,8 +8664,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8404,8 +8706,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -8499,8 +8801,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8541,8 +8843,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -8613,101 +8915,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -8722,21 +9023,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "da5839ff511a0a9f", + "name": "glibc", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -8750,13 +9054,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8767,91 +9071,99 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008539999999999999 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8859,7 +9171,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8867,21 +9179,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "74f56e50def25fa2", + "name": "glibc-common", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -8895,108 +9210,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.20" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008539999999999999 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9012,21 +9346,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "dd1fd0cf3974da95", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9040,120 +9377,131 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9169,21 +9517,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b930958ae5e6f15d", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -9197,23 +9548,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", @@ -9225,110 +9580,100 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.00824 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9350,7 +9695,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -9389,38 +9734,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9429,60 +9774,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9498,21 +9834,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9526,116 +9862,108 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9643,7 +9971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9651,24 +9979,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.20" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da5839ff511a0a9f", - "name": "glibc", - "version": "2.34-168.el9_6.20", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9682,116 +10007,120 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9807,24 +10136,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f56e50def25fa2", - "name": "glibc-common", - "version": "2.34-168.el9_6.20", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9838,23 +10164,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9866,99 +10192,110 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9966,7 +10303,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9974,24 +10311,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dd1fd0cf3974da95", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.20", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -10005,29 +10339,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.20" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10037,100 +10356,87 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -10145,24 +10451,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b930958ae5e6f15d", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.20", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -10176,27 +10479,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -10231,8 +10524,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10279,8 +10572,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10315,8 +10608,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10334,10 +10627,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10376,8 +10669,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10424,8 +10717,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10460,8 +10753,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10479,10 +10772,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10521,8 +10814,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10569,8 +10862,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10605,8 +10898,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10621,13 +10914,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10643,36 +10936,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -10683,44 +10976,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -10730,7 +11037,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10738,21 +11045,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -10769,16 +11076,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10811,8 +11113,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -10872,8 +11174,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -10964,8 +11266,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -11032,8 +11334,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -11118,39 +11420,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -11158,31 +11460,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11190,29 +11492,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -11233,7 +11535,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -11295,8 +11597,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -11365,8 +11667,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -11440,20 +11742,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11461,16 +11763,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -11480,31 +11782,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -11512,10 +11813,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11523,16 +11824,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -11549,21 +11850,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -11577,13 +11878,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11594,38 +11895,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -11634,59 +11935,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11702,21 +11991,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11730,13 +12019,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12098,87 +12387,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.7.2.md b/docs/security/agent/grype-25.7.2.md index f3abfce..a85ab1e 100644 --- a/docs/security/agent/grype-25.7.2.md +++ b/docs/security/agent/grype-25.7.2.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914) | High | | sqlite-libs | 3.34.1-7.el9_3 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-7425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7425) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9 | [CVE-2024-52533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52533) | Medium | | glib2 | 2.68.4-16.el9 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | @@ -17,38 +18,39 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | | libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | | libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| glib2 | 2.68.4-16.el9 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414) | Medium | +| glib2 | 2.68.4-16.el9 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.7.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415) | Medium | +| fluent-bit | 25.7.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.7.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glibc | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | glibc-common | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | glibc-langpack-en | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -59,8 +61,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | libxml2 | 2.9.13-10.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| ncurses-base | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | -| ncurses-libs | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | | glib2 | 2.68.4-16.el9 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -68,15 +68,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | ncurses-libs | 6.2-10.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| ncurses-base | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | +| ncurses-libs | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-7.el9_3 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.7.4.json b/docs/security/agent/grype-25.7.4.json index d5c0222..778e454 100644 --- a/docs/security/agent/grype-25.7.4.json +++ b/docs/security/agent/grype-25.7.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2003,8 +2003,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2097,9 +2097,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2121,7 +2121,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -2164,9 +2164,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2240,123 +2240,120 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.067275 + "advisories": [], + "risk": 0.067405 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.2, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2371,24 +2368,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -2402,13 +2396,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2419,120 +2413,123 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2547,21 +2544,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32988", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2575,13 +2575,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2615,8 +2615,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2711,8 +2711,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2815,8 +2815,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2887,8 +2887,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2982,8 +2982,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3041,8 +3041,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3133,8 +3133,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3192,8 +3192,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3272,107 +3272,138 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2025-5914", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "cve": "CVE-2025-5914", + "epss": 0.00062, + "percentile": 0.1959, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-5914", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.8.3-6.el9_6.2" + "0:3.5.3-6.el9_6" ], "state": "fixed", "available": [ { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", + "version": "0:3.5.3-6.el9_6", + "date": "2025-08-21", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" + "id": "RHSA-2025:14130", + "link": "https://access.redhat.com/errata/RHSA-2025:14130" } ], - "risk": 0.044289999999999996 + "risk": 0.04588 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2025-5914", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://access.redhat.com/errata/RHSA-2025:14130", + "https://access.redhat.com/errata/RHSA-2025:14135", + "https://access.redhat.com/errata/RHSA-2025:14137", + "https://access.redhat.com/errata/RHSA-2025:14141", + "https://access.redhat.com/errata/RHSA-2025:14142", + "https://access.redhat.com/errata/RHSA-2025:14525", + "https://access.redhat.com/errata/RHSA-2025:14528", + "https://access.redhat.com/errata/RHSA-2025:14594", + "https://access.redhat.com/errata/RHSA-2025:14644", + "https://access.redhat.com/errata/RHSA-2025:14808", + "https://access.redhat.com/errata/RHSA-2025:14810", + "https://access.redhat.com/errata/RHSA-2025:14828", + "https://access.redhat.com/errata/RHSA-2025:15024", + "https://access.redhat.com/errata/RHSA-2025:15397", + "https://access.redhat.com/errata/RHSA-2025:15709", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:16524", + "https://access.redhat.com/errata/RHSA-2025:18217", + "https://access.redhat.com/errata/RHSA-2025:18218", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:19041", + "https://access.redhat.com/errata/RHSA-2025:19046", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-5914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", + "https://github.com/libarchive/libarchive/pull/2598", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "cve": "CVE-2025-5914", + "epss": 0.00062, + "percentile": 0.1959, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-5914", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3389,24 +3420,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + "vulnerabilityID": "CVE-2025-5914", + "versionConstraint": "< 0:3.5.3-6.el9_6 (rpm)" }, "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "suggestedVersion": "0:3.5.3-6.el9_6" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -3420,13 +3451,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3437,138 +3468,107 @@ }, { "vulnerability": { - "id": "CVE-2025-5914", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17115, - "date": "2025-12-22" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.5.3-6.el9_6" + "0:3.8.3-6.el9_6.2" ], "state": "fixed", "available": [ { - "version": "0:3.5.3-6.el9_6", - "date": "2025-08-21", + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:14130", - "link": "https://access.redhat.com/errata/RHSA-2025:14130" + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.03996 + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5914", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:14130", - "https://access.redhat.com/errata/RHSA-2025:14135", - "https://access.redhat.com/errata/RHSA-2025:14137", - "https://access.redhat.com/errata/RHSA-2025:14141", - "https://access.redhat.com/errata/RHSA-2025:14142", - "https://access.redhat.com/errata/RHSA-2025:14525", - "https://access.redhat.com/errata/RHSA-2025:14528", - "https://access.redhat.com/errata/RHSA-2025:14594", - "https://access.redhat.com/errata/RHSA-2025:14644", - "https://access.redhat.com/errata/RHSA-2025:14808", - "https://access.redhat.com/errata/RHSA-2025:14810", - "https://access.redhat.com/errata/RHSA-2025:14828", - "https://access.redhat.com/errata/RHSA-2025:15024", - "https://access.redhat.com/errata/RHSA-2025:15397", - "https://access.redhat.com/errata/RHSA-2025:15709", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:16524", - "https://access.redhat.com/errata/RHSA-2025:18217", - "https://access.redhat.com/errata/RHSA-2025:18218", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:19041", - "https://access.redhat.com/errata/RHSA-2025:19046", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-5914", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", - "https://github.com/libarchive/libarchive/pull/2598", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17115, - "date": "2025-12-22" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3585,24 +3585,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5914", - "versionConstraint": "< 0:3.5.3-6.el9_6 (rpm)" + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { - "suggestedVersion": "0:3.5.3-6.el9_6" + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -3616,13 +3616,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3633,52 +3633,235 @@ }, { "vulnerability": { - "id": "CVE-2025-4207", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4207", - "epss": 0.00067, - "percentile": 0.20903, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-4207", - "cwe": "CWE-126", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.036515 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-4207", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-7.el9_3" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "45f6f999e295a17b", + "name": "sqlite-libs", + "version": "3.34.1-7.el9_3", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-7.el9_3" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4207", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4207", + "epss": 0.00067, + "percentile": 0.2095, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4207", + "cwe": "CWE-126", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.036515 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4207", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ @@ -3705,8 +3888,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20903, - "date": "2025-12-22" + "percentile": 0.2095, + "date": "2026-01-05" } ], "cwes": [ @@ -3797,8 +3980,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -3844,8 +4027,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -3936,8 +4119,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -3986,8 +4169,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -4055,140 +4238,87 @@ }, { "vulnerability": { - "id": "CVE-2022-29458", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:6.2-10.20210508.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:6.2-10.20210508.el9_6.2", - "date": "2025-08-06", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12876", - "link": "https://access.redhat.com/errata/RHSA-2025:12876" - } - ], - "risk": 0.03094 + "advisories": [], + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-29458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "http://seclists.org/fulldisclosure/2022/Oct/28", - "http://seclists.org/fulldisclosure/2022/Oct/41", - "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", - "https://support.apple.com/kb/HT213488" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", - "metrics": { - "baseScore": 5.8, - "exploitabilityScore": 8.6, - "impactScore": 5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-3360", + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4196,7 +4326,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4204,24 +4334,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-29458", - "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:6.2-10.20210508.el9_6.2" + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4235,25 +4362,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4263,148 +4379,132 @@ }, { "vulnerability": { - "id": "CVE-2022-29458", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", + "id": "CVE-2025-32414", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32414", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 1.5, + "impactScore": 3.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-32414", + "epss": 0.00063, + "percentile": 0.19823, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-32414", + "cwe": "CWE-393", + "source": "cve@mitre.org", + "type": "Secondary" }, { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-32414", + "cwe": "CWE-252", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [ - "0:6.2-10.20210508.el9_6.2" + "0:2.9.13-12.el9_6" ], "state": "fixed", "available": [ { - "version": "0:6.2-10.20210508.el9_6.2", - "date": "2025-08-06", + "version": "0:2.9.13-12.el9_6", + "date": "2025-08-08", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:12876", - "link": "https://access.redhat.com/errata/RHSA-2025:12876" + "id": "RHSA-2025:13428", + "link": "https://access.redhat.com/errata/RHSA-2025:13428" } ], - "risk": 0.03094 + "risk": 0.03339 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-29458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", + "id": "CVE-2025-32414", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://seclists.org/fulldisclosure/2022/Oct/28", - "http://seclists.org/fulldisclosure/2022/Oct/41", - "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", - "https://support.apple.com/kb/HT213488" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" ], - "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", + "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.8, - "exploitabilityScore": 8.6, - "impactScore": 5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 5.6, + "exploitabilityScore": 1.5, + "impactScore": 3.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-29458", - "epss": 0.00068, - "percentile": 0.21084, - "date": "2025-12-22" + "cve": "CVE-2025-32414", + "epss": 0.00063, + "percentile": 0.19823, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-32414", + "cwe": "CWE-393", + "source": "cve@mitre.org", + "type": "Secondary" }, { - "cve": "CVE-2022-29458", - "cwe": "CWE-125", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-32414", + "cwe": "CWE-252", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4412,24 +4512,24 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-29458", - "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" + "vulnerabilityID": "CVE-2025-32414", + "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" }, "fix": { - "suggestedVersion": "0:6.2-10.20210508.el9_6.2" + "suggestedVersion": "0:2.9.13-12.el9_6" } } ], "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -4446,22 +4546,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4471,20 +4560,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4492,18 +4581,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4511,48 +4600,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.025315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "cve": "CVE-2022-41409", + "epss": 0.00061, + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4567,21 +4655,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4595,13 +4683,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4635,8 +4723,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4683,8 +4771,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4699,7 +4787,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4708,7 +4796,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -4719,8 +4807,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -4738,11 +4826,22 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4752,39 +4851,31 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -4792,28 +4883,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.025315 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4821,18 +4915,10 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4847,21 +4933,21 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "f866293dd48b75b0", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -4875,23 +4961,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "ncurses", + "version": "6.2-10.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -4903,116 +4989,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -5027,24 +5071,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-7.el9_3" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2023-50495", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "45f6f999e295a17b", - "name": "sqlite-libs", - "version": "3.34.1-7.el9_3", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -5058,23 +5099,23 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-7.el9_3:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-7.el9_3:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-7.el9_3?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-7.el9_3.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { - "name": "sqlite", - "version": "3.34.1-7.el9_3" + "name": "ncurses", + "version": "6.2-10.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -5086,81 +5127,142 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-7425", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08162, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-11.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-11.el9_6", + "date": "2025-08-01", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.024225 + "advisories": [ + { + "id": "RHSA-2025:12447", + "link": "https://access.redhat.com/errata/RHSA-2025:12447" + } + ], + "risk": 0.022949999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-7425", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/errata/RHSA-2025:12447", + "https://access.redhat.com/errata/RHSA-2025:12450", + "https://access.redhat.com/errata/RHSA-2025:13267", + "https://access.redhat.com/errata/RHSA-2025:13308", + "https://access.redhat.com/errata/RHSA-2025:13309", + "https://access.redhat.com/errata/RHSA-2025:13310", + "https://access.redhat.com/errata/RHSA-2025:13311", + "https://access.redhat.com/errata/RHSA-2025:13312", + "https://access.redhat.com/errata/RHSA-2025:13313", + "https://access.redhat.com/errata/RHSA-2025:13314", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:13464", + "https://access.redhat.com/errata/RHSA-2025:13622", + "https://access.redhat.com/errata/RHSA-2025:14059", + "https://access.redhat.com/errata/RHSA-2025:14396", + "https://access.redhat.com/errata/RHSA-2025:14818", + "https://access.redhat.com/errata/RHSA-2025:14819", + "https://access.redhat.com/errata/RHSA-2025:14853", + "https://access.redhat.com/errata/RHSA-2025:14858", + "https://access.redhat.com/errata/RHSA-2025:15308", + "https://access.redhat.com/errata/RHSA-2025:15672", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-7425", + "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", + "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", + "http://seclists.org/fulldisclosure/2025/Aug/0", + "http://seclists.org/fulldisclosure/2025/Jul/30", + "http://seclists.org/fulldisclosure/2025/Jul/32", + "http://seclists.org/fulldisclosure/2025/Jul/35", + "http://seclists.org/fulldisclosure/2025/Jul/37", + "http://www.openwall.com/lists/oss-security/2025/07/11/2", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-7425", + "epss": 0.0003, + "percentile": 0.08162, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-7425", + "cwe": "CWE-416", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5168,21 +5270,24 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-7425", + "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-11.el9_6" } } ], "artifact": { - "id": "f866293dd48b75b0", - "name": "ncurses-base", - "version": "6.2-10.20210508.el9", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -5199,22 +5304,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5224,12 +5318,12 @@ }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", @@ -5245,10 +5339,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10659, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -5256,25 +5358,22 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.021274999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", @@ -5288,17 +5387,25 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "cve": "CVE-2025-14512", + "epss": 0.00037, + "percentile": 0.10659, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5306,21 +5413,21 @@ "version": "9.6" }, "package": { - "name": "ncurses", - "version": "6.2-10.20210508.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f3ef10418ec3cca6", - "name": "ncurses-libs", - "version": "6.2-10.20210508.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5334,25 +5441,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", - "upstreams": [ - { - "name": "ncurses", - "version": "6.2-10.20210508.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5362,142 +5458,107 @@ }, { "vulnerability": { - "id": "CVE-2025-7425", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7425", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.0003, - "percentile": 0.08096, - "date": "2025-12-22" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-11.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-11.el9_6", - "date": "2025-08-01", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12447", - "link": "https://access.redhat.com/errata/RHSA-2025:12447" - } - ], - "risk": 0.022949999999999998 + "advisories": [], + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7425", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:12447", - "https://access.redhat.com/errata/RHSA-2025:12450", - "https://access.redhat.com/errata/RHSA-2025:13267", - "https://access.redhat.com/errata/RHSA-2025:13308", - "https://access.redhat.com/errata/RHSA-2025:13309", - "https://access.redhat.com/errata/RHSA-2025:13310", - "https://access.redhat.com/errata/RHSA-2025:13311", - "https://access.redhat.com/errata/RHSA-2025:13312", - "https://access.redhat.com/errata/RHSA-2025:13313", - "https://access.redhat.com/errata/RHSA-2025:13314", - "https://access.redhat.com/errata/RHSA-2025:13335", - "https://access.redhat.com/errata/RHSA-2025:13464", - "https://access.redhat.com/errata/RHSA-2025:13622", - "https://access.redhat.com/errata/RHSA-2025:14059", - "https://access.redhat.com/errata/RHSA-2025:14396", - "https://access.redhat.com/errata/RHSA-2025:14818", - "https://access.redhat.com/errata/RHSA-2025:14819", - "https://access.redhat.com/errata/RHSA-2025:14853", - "https://access.redhat.com/errata/RHSA-2025:14858", - "https://access.redhat.com/errata/RHSA-2025:15308", - "https://access.redhat.com/errata/RHSA-2025:15672", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-7425", - "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", - "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", - "http://seclists.org/fulldisclosure/2025/Aug/0", - "http://seclists.org/fulldisclosure/2025/Jul/30", - "http://seclists.org/fulldisclosure/2025/Jul/32", - "http://seclists.org/fulldisclosure/2025/Jul/35", - "http://seclists.org/fulldisclosure/2025/Jul/37", - "http://www.openwall.com/lists/oss-security/2025/07/11/2", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7425", - "epss": 0.0003, - "percentile": 0.08096, - "date": "2025-12-22" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-7425", - "cwe": "CWE-416", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5505,24 +5566,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7425", - "versionConstraint": "< 0:2.9.13-11.el9_6 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-11.el9_6" + "vulnerabilityID": "CVE-2022-27943", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "2766c907d423c9ec", + "name": "libgcc", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -5536,14 +5594,19 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5553,20 +5616,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2022-27943", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5574,17 +5637,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -5593,46 +5656,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021274999999999995 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -5640,7 +5716,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5648,21 +5724,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -5676,14 +5752,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5693,70 +5774,93 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:6.2-10.20210508.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:6.2-10.20210508.el9_6.2", + "date": "2025-08-06", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:12876", + "link": "https://access.redhat.com/errata/RHSA-2025:12876" + } + ], + "risk": 0.020475 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://support.apple.com/kb/HT213488" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 7.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -5764,29 +5868,47 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "metrics": { - "baseScore": 4.3, + "baseScore": 5.8, "exploitabilityScore": 8.6, - "impactScore": 2.9 + "impactScore": 5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -5801,21 +5923,24 @@ "version": "9.6" }, "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2022-29458", + "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:6.2-10.20210508.el9_6.2" } } ], "artifact": { - "id": "2766c907d423c9ec", - "name": "libgcc", - "version": "11.5.0-5.el9_5", + "id": "f866293dd48b75b0", + "name": "ncurses-base", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -5829,17 +5954,23 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libgcc:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libgcc:11.5.0-5.el9_5:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-10.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libgcc@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-10.20210508.el9?arch=noarch&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", "upstreams": [ { - "name": "gcc", - "version": "11.5.0-5.el9_5" + "name": "ncurses", + "version": "6.2-10.20210508.el9" } ], "metadataType": "RpmMetadata", @@ -5851,70 +5982,93 @@ }, { "vulnerability": { - "id": "CVE-2022-27943", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-29458", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 6.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:6.2-10.20210508.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:6.2-10.20210508.el9_6.2", + "date": "2025-08-06", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.02125 + "advisories": [ + { + "id": "RHSA-2025:12876", + "link": "https://access.redhat.com/errata/RHSA-2025:12876" + } + ], + "risk": 0.020475 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", + "id": "CVE-2022-29458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html", + "https://support.apple.com/kb/HT213488" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", + "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, + "baseScore": 7.1, "exploitabilityScore": 1.9, - "impactScore": 3.6 + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -5922,219 +6076,54 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "metrics": { - "baseScore": 4.3, + "baseScore": 5.8, "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-32414", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32414", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.5, - "impactScore": 3.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-32414", - "epss": 0.0004, - "percentile": 0.12058, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-32414", - "cwe": "CWE-393", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-32414", - "cwe": "CWE-252", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.9.13-12.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-12.el9_6", - "date": "2025-08-08", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2025:13428", - "link": "https://access.redhat.com/errata/RHSA-2025:13428" - } - ], - "risk": 0.021200000000000004 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-32414", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" - ], - "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 5 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.5, - "impactScore": 3.8 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32414", - "epss": 0.0004, - "percentile": 0.12058, - "date": "2025-12-22" + "cve": "CVE-2022-29458", + "epss": 0.00045, + "percentile": 0.13715, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32414", - "cwe": "CWE-393", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-32414", - "cwe": "CWE-252", + "cve": "CVE-2022-29458", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2022-29458", + "cwe": "CWE-125", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6142,24 +6131,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "ncurses", + "version": "6.2-10.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32414", - "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + "vulnerabilityID": "CVE-2022-29458", + "versionConstraint": "< 0:6.2-10.20210508.el9_6.2 (rpm)" }, "fix": { - "suggestedVersion": "0:2.9.13-12.el9_6" + "suggestedVersion": "0:6.2-10.20210508.el9_6.2" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "f3ef10418ec3cca6", + "name": "ncurses-libs", + "version": "6.2-10.20210508.el9", "type": "rpm", "locations": [ { @@ -6176,11 +6165,22 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-10.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-10.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-10.20210508.el9?arch=x86_64&distro=rhel-9.6&upstream=ncurses-6.2-10.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-10.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6212,9 +6212,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -6244,7 +6244,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -6287,9 +6287,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -6371,23 +6371,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-32415", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6395,10 +6392,194 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "cve": "CVE-2025-32415", + "epss": 0.0003, + "percentile": 0.08065, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.9.13-12.el9_6" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-12.el9_6", + "date": "2025-08-08", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:13428", + "link": "https://access.redhat.com/errata/RHSA-2025:13428" + } + ], + "risk": 0.01875 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-32415", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + ], + "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-32415", + "epss": 0.0003, + "percentile": 0.08065, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-32415", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-32415", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-32415", + "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-12.el9_6" + } + } + ], + "artifact": { + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -6414,7 +6595,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -6466,122 +6647,108 @@ }, { "vulnerability": { - "id": "CVE-2025-32415", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32415", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05927, - "date": "2025-12-22" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-32415", + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-12.el9_6" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-12.el9_6", - "date": "2025-08-08", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:13428", - "link": "https://access.redhat.com/errata/RHSA-2025:13428" - } - ], - "risk": 0.015000000000000001 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32415", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32415", - "epss": 0.00024, - "percentile": 0.05927, - "date": "2025-12-22" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32415", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-32415", + "cve": "CVE-2023-4156", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -6599,24 +6766,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32415", - "versionConstraint": "< 0:2.9.13-12.el9_6 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-12.el9_6" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6630,13 +6794,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6647,45 +6811,169 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9" + }, + "namespace": "redhat:distro:redhat:9" }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "6b7ebba723f3d1d6", + "name": "curl-minimal", + "version": "7.76.1-31.el9", + "type": "rpm", + "locations": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7365a3a0db69d7f481720be6d2cc54794d0f7e1c94fbfe59d74c106a561a7537", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -6693,72 +6981,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ - { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6766,21 +7031,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-31.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "b20b4850f0fa0e54", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9", "type": "rpm", "locations": [ { @@ -6794,14 +7059,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6834,8 +7110,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -6910,8 +7186,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7011,8 +7287,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7087,8 +7363,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -7199,8 +7475,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -7273,8 +7549,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -7345,31 +7621,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -7377,48 +7661,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7426,21 +7722,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6b7ebba723f3d1d6", - "name": "curl-minimal", - "version": "7.76.1-31.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7454,25 +7750,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7482,31 +7767,134 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.7.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c91b39d7cd814d21", + "name": "fluent-bit", + "version": "25.7.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:317bb571b57a60e4946e579f23cdf19161e0cab00df73a6dd1400db0ae8d09f0", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.7.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.7.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -7514,48 +7902,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7563,21 +7959,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b20b4850f0fa0e54", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7591,25 +7987,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7642,8 +8027,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -7696,8 +8081,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -7771,134 +8156,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.7.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c91b39d7cd814d21", - "name": "fluent-bit", - "version": "25.7.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:317bb571b57a60e4946e579f23cdf19161e0cab00df73a6dd1400db0ae8d09f0", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.7.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.7.4", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7906,49 +8196,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -7963,21 +8265,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -7991,13 +8293,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8031,8 +8333,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8073,8 +8375,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -8168,8 +8470,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8210,8 +8512,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -8282,101 +8584,100 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008969999999999999 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -8391,21 +8692,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "glibc", + "version": "0:2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "da5839ff511a0a9f", + "name": "glibc", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -8419,13 +8723,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8436,91 +8740,99 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008539999999999999 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8528,7 +8840,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8536,21 +8848,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "74f56e50def25fa2", + "name": "glibc-common", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -8564,108 +8879,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.20" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008539999999999999 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8681,21 +9015,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "dd1fd0cf3974da95", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -8709,120 +9046,131 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-8058", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 4.2, + "exploitabilityScore": 0.8, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-168.el9_6.23" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-168.el9_6.23", + "date": "2025-08-05", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00846 + "advisories": [ + { + "id": "RHSA-2025:12748", + "link": "https://access.redhat.com/errata/RHSA-2025:12748" + } + ], + "risk": 0.009200000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8838,21 +9186,24 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-168.el9_6.23" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b930958ae5e6f15d", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.20", "type": "rpm", "locations": [ { @@ -8866,23 +9217,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.20" } ], "metadataType": "RpmMetadata", @@ -8894,110 +9249,100 @@ }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.00824 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9019,7 +9364,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -9058,38 +9403,38 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9098,60 +9443,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9167,21 +9503,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9195,116 +9531,108 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9312,7 +9640,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9320,24 +9648,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.20" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da5839ff511a0a9f", - "name": "glibc", - "version": "2.34-168.el9_6.20", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -9351,116 +9676,120 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-5278", + "epss": 0.00018, + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9476,24 +9805,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-5278", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "74f56e50def25fa2", - "name": "glibc-common", - "version": "2.34-168.el9_6.20", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9507,23 +9833,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9535,99 +9861,110 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.00824 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2023-30571", + "epss": 0.00016, + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-30571", + "cwe": "CWE-362", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9635,7 +9972,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9643,24 +9980,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2023-30571", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dd1fd0cf3974da95", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.20", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -9674,29 +10008,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.20:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.20" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9706,100 +10025,87 @@ }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-8058", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 0.8, - "impactScore": 3.4 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.34-168.el9_6.23" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-168.el9_6.23", - "date": "2025-08-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:12748", - "link": "https://access.redhat.com/errata/RHSA-2025:12748" - } - ], - "risk": 0.00782 + "advisories": [], + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -9814,24 +10120,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 0:2.34-168.el9_6.23 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-168.el9_6.23" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b930958ae5e6f15d", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.20", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -9845,27 +10148,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.20:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.20?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.20.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.20" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9900,8 +10193,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -9948,8 +10241,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -9984,8 +10277,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10003,10 +10296,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10045,8 +10338,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10093,8 +10386,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10129,8 +10422,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10148,10 +10441,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10190,8 +10483,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10238,8 +10531,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -10274,8 +10567,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -10290,13 +10583,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -10312,36 +10605,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -10352,44 +10645,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -10399,7 +10706,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10407,21 +10714,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -10438,16 +10745,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -10480,8 +10782,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -10541,8 +10843,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -10633,8 +10935,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -10701,8 +11003,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -10787,39 +11089,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10827,31 +11129,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -10859,29 +11161,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10902,7 +11204,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -10964,8 +11266,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -11034,8 +11336,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -11109,20 +11411,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11130,16 +11432,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -11149,31 +11451,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -11181,10 +11482,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11192,16 +11493,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -11218,21 +11519,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "libxml2", + "version": "0:2.9.13-10.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "cad7c140298c7fa1", + "name": "libxml2", + "version": "2.9.13-10.el9_6", "type": "rpm", "locations": [ { @@ -11246,13 +11547,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11263,38 +11564,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -11303,59 +11604,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11371,21 +11660,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-10.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cad7c140298c7fa1", - "name": "libxml2", - "version": "2.9.13-10.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11399,13 +11688,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-10.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-10.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-10.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11767,87 +12056,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.7.4.md b/docs/security/agent/grype-25.7.4.md index 61f7340..12c2c34 100644 --- a/docs/security/agent/grype-25.7.4.md +++ b/docs/security/agent/grype-25.7.4.md @@ -8,6 +8,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914) | High | | sqlite-libs | 3.34.1-7.el9_3 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-7425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7425) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | @@ -15,38 +16,39 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnutls | 3.8.3-6.el9 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | | libpq | 13.20-1.el9_5 | [CVE-2025-4207](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207) | Medium | | libpq | 13.20-1.el9_5 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| fluent-bit | 25.7.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-32415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415) | Medium | +| fluent-bit | 25.7.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.7.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | -| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glibc | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | glibc-common | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | glibc-langpack-en | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.20 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | +| coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | libblkid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-10.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -57,8 +59,6 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | libxml2 | 2.9.13-10.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| ncurses-base | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | -| ncurses-libs | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | @@ -66,15 +66,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | ncurses-libs | 6.2-10.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| ncurses-base | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | +| ncurses-libs | 6.2-10.20210508.el9 | [CVE-2022-29458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-7.el9_3 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-10.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.8.2.json b/docs/security/agent/grype-25.8.2.json index 9b35e85..39953a2 100644 --- a/docs/security/agent/grype-25.8.2.json +++ b/docs/security/agent/grype-25.8.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2003,8 +2003,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2097,9 +2097,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2121,7 +2121,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -2164,9 +2164,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2240,123 +2240,120 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.067275 + "advisories": [], + "risk": 0.067405 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.2, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2371,24 +2368,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2402,13 +2396,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2419,120 +2413,123 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2547,21 +2544,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32988", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2575,13 +2575,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2615,8 +2615,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2711,8 +2711,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2815,8 +2815,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2887,8 +2887,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2982,8 +2982,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3041,8 +3041,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3133,8 +3133,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3192,8 +3192,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3272,107 +3272,138 @@ }, { "vulnerability": { - "id": "CVE-2025-32989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", + "id": "CVE-2025-5914", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "cve": "CVE-2025-5914", + "epss": 0.00062, + "percentile": 0.1959, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-5914", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.8.3-6.el9_6.2" + "0:3.5.3-6.el9_6" ], "state": "fixed", "available": [ { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", + "version": "0:3.5.3-6.el9_6", + "date": "2025-08-21", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" + "id": "RHSA-2025:14130", + "link": "https://access.redhat.com/errata/RHSA-2025:14130" } ], - "risk": 0.044289999999999996 + "risk": 0.04588 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", + "id": "CVE-2025-5914", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", - "http://www.openwall.com/lists/oss-security/2025/07/11/3" + "https://access.redhat.com/errata/RHSA-2025:14130", + "https://access.redhat.com/errata/RHSA-2025:14135", + "https://access.redhat.com/errata/RHSA-2025:14137", + "https://access.redhat.com/errata/RHSA-2025:14141", + "https://access.redhat.com/errata/RHSA-2025:14142", + "https://access.redhat.com/errata/RHSA-2025:14525", + "https://access.redhat.com/errata/RHSA-2025:14528", + "https://access.redhat.com/errata/RHSA-2025:14594", + "https://access.redhat.com/errata/RHSA-2025:14644", + "https://access.redhat.com/errata/RHSA-2025:14808", + "https://access.redhat.com/errata/RHSA-2025:14810", + "https://access.redhat.com/errata/RHSA-2025:14828", + "https://access.redhat.com/errata/RHSA-2025:15024", + "https://access.redhat.com/errata/RHSA-2025:15397", + "https://access.redhat.com/errata/RHSA-2025:15709", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:16524", + "https://access.redhat.com/errata/RHSA-2025:18217", + "https://access.redhat.com/errata/RHSA-2025:18218", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:19041", + "https://access.redhat.com/errata/RHSA-2025:19046", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/security/cve/CVE-2025-5914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", + "https://github.com/libarchive/libarchive/pull/2598", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", + "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7.3, + "exploitabilityScore": 1.4, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32989", - "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "cve": "CVE-2025-5914", + "epss": 0.00062, + "percentile": 0.1959, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32989", - "cwe": "CWE-295", + "cve": "CVE-2025-5914", + "cwe": "CWE-415", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3389,24 +3420,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32989", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + "vulnerabilityID": "CVE-2025-5914", + "versionConstraint": "< 0:3.5.3-6.el9_6 (rpm)" }, "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "suggestedVersion": "0:3.5.3-6.el9_6" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -3420,13 +3451,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3437,138 +3468,107 @@ }, { "vulnerability": { - "id": "CVE-2025-5914", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32989", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17115, - "date": "2025-12-22" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:3.5.3-6.el9_6" + "0:3.8.3-6.el9_6.2" ], "state": "fixed", "available": [ { - "version": "0:3.5.3-6.el9_6", - "date": "2025-08-21", + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2025:14130", - "link": "https://access.redhat.com/errata/RHSA-2025:14130" + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" } ], - "risk": 0.03996 + "risk": 0.044289999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5914", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914", + "id": "CVE-2025-32989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:14130", - "https://access.redhat.com/errata/RHSA-2025:14135", - "https://access.redhat.com/errata/RHSA-2025:14137", - "https://access.redhat.com/errata/RHSA-2025:14141", - "https://access.redhat.com/errata/RHSA-2025:14142", - "https://access.redhat.com/errata/RHSA-2025:14525", - "https://access.redhat.com/errata/RHSA-2025:14528", - "https://access.redhat.com/errata/RHSA-2025:14594", - "https://access.redhat.com/errata/RHSA-2025:14644", - "https://access.redhat.com/errata/RHSA-2025:14808", - "https://access.redhat.com/errata/RHSA-2025:14810", - "https://access.redhat.com/errata/RHSA-2025:14828", - "https://access.redhat.com/errata/RHSA-2025:15024", - "https://access.redhat.com/errata/RHSA-2025:15397", - "https://access.redhat.com/errata/RHSA-2025:15709", - "https://access.redhat.com/errata/RHSA-2025:15827", - "https://access.redhat.com/errata/RHSA-2025:15828", - "https://access.redhat.com/errata/RHSA-2025:16524", - "https://access.redhat.com/errata/RHSA-2025:18217", - "https://access.redhat.com/errata/RHSA-2025:18218", - "https://access.redhat.com/errata/RHSA-2025:18219", - "https://access.redhat.com/errata/RHSA-2025:19041", - "https://access.redhat.com/errata/RHSA-2025:19046", - "https://access.redhat.com/errata/RHSA-2025:21885", - "https://access.redhat.com/errata/RHSA-2025:21913", - "https://access.redhat.com/security/cve/CVE-2025-5914", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", - "https://github.com/libarchive/libarchive/pull/2598", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359621", + "http://www.openwall.com/lists/oss-security/2025/07/11/3" ], - "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", + "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.3, - "exploitabilityScore": 1.4, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5914", - "epss": 0.00054, - "percentile": 0.17115, - "date": "2025-12-22" + "cve": "CVE-2025-32989", + "epss": 0.00086, + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5914", - "cwe": "CWE-415", + "cve": "CVE-2025-32989", + "cwe": "CWE-295", "source": "secalert@redhat.com", "type": "Secondary" } @@ -3585,24 +3585,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5914", - "versionConstraint": "< 0:3.5.3-6.el9_6 (rpm)" + "vulnerabilityID": "CVE-2025-32989", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" }, "fix": { - "suggestedVersion": "0:3.5.3-6.el9_6" + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -3616,13 +3616,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3633,52 +3633,235 @@ }, { "vulnerability": { - "id": "CVE-2025-4207", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4207", - "epss": 0.00067, - "percentile": 0.20903, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-4207", - "cwe": "CWE-126", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.036515 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-4207", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4207", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4207", + "epss": 0.00067, + "percentile": 0.2095, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4207", + "cwe": "CWE-126", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.036515 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4207", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ @@ -3705,8 +3888,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20903, - "date": "2025-12-22" + "percentile": 0.2095, + "date": "2026-01-05" } ], "cwes": [ @@ -3797,8 +3980,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -3844,8 +4027,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -3936,8 +4119,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -3986,8 +4169,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -4077,9 +4260,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -4095,7 +4278,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -4126,9 +4309,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -4219,8 +4402,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4267,8 +4450,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4359,8 +4542,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4407,8 +4590,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4487,237 +4670,54 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", @@ -4736,8 +4736,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4831,8 +4831,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -4874,8 +4874,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4969,8 +4969,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -5017,8 +5017,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -5109,8 +5109,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -5170,8 +5170,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -5267,8 +5267,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -5328,8 +5328,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -5424,9 +5424,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -5456,7 +5456,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -5499,9 +5499,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -5608,9 +5608,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -5626,7 +5626,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -5699,24 +5699,312 @@ ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08471, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.014105 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + ], + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08471, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gawk", + "version": "0:5.1.0-6.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + ], + "cpes": [ + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { @@ -5724,72 +6012,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5797,21 +6062,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5825,14 +6090,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5865,8 +6141,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5941,8 +6217,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -6042,8 +6318,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -6118,8 +6394,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -6230,8 +6506,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -6304,8 +6580,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -6376,31 +6652,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6408,48 +6692,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6457,87 +6753,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:780001ea1a42e8b21b6f25c2a7ec8f0383247d69089019c716e7a7c0993ba62c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.8.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.8.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "e47b701147393a78", + "name": "fluent-bit", + "version": "25.8.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:15db47226cd0cd7c410e95e1b63211810bc6bc8538319245d40e8e494039aefd", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.8.2:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.8.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6545,48 +6933,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6594,21 +6990,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6622,25 +7018,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6673,8 +7058,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -6727,8 +7112,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -6802,134 +7187,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.8.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.8.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "e47b701147393a78", - "name": "fluent-bit", - "version": "25.8.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:15db47226cd0cd7c410e95e1b63211810bc6bc8538319245d40e8e494039aefd", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.8.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.8.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6937,49 +7227,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -6994,21 +7296,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -7022,13 +7324,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7062,8 +7364,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -7104,8 +7406,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -7199,8 +7501,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -7241,8 +7543,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -7313,12 +7615,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -7334,18 +7636,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7357,27 +7659,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -7396,18 +7698,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7428,7 +7730,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -7490,8 +7792,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7543,8 +7845,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7635,8 +7937,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7688,8 +7990,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7791,8 +8093,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -7845,8 +8147,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -7948,8 +8250,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -8014,8 +8316,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -8089,39 +8391,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -8129,68 +8431,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8198,21 +8486,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8226,14 +8514,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8266,8 +8559,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8314,8 +8607,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8350,8 +8643,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8369,10 +8662,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8411,8 +8704,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8459,8 +8752,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8495,8 +8788,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8514,10 +8807,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8556,8 +8849,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8604,8 +8897,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8640,8 +8933,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8656,13 +8949,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8678,36 +8971,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -8718,44 +9011,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -8765,7 +9072,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8773,21 +9080,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-5.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "026da1974d66f84e", + "name": "libarchive", + "version": "3.5.3-5.el9_6", "type": "rpm", "locations": [ { @@ -8804,16 +9111,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8846,8 +9148,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -8907,8 +9209,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -8999,8 +9301,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -9067,8 +9369,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -9153,39 +9455,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -9193,31 +9495,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -9225,29 +9527,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9268,7 +9570,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -9330,8 +9632,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -9400,8 +9702,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -9475,20 +9777,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9496,16 +9798,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9515,31 +9817,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -9547,10 +9848,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9558,16 +9859,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9584,21 +9885,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-5.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "026da1974d66f84e", - "name": "libarchive", - "version": "3.5.3-5.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9612,13 +9913,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-5.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-5.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-5.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9629,38 +9930,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -9669,59 +9970,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9737,21 +10026,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9765,13 +10054,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10133,87 +10422,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.8.2.md b/docs/security/agent/grype-25.8.2.md index 5037a4f..bdfa49f 100644 --- a/docs/security/agent/grype-25.8.2.md +++ b/docs/security/agent/grype-25.8.2.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5914](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914) | High | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | @@ -17,14 +18,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.8.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.8.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -33,13 +34,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -59,13 +61,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-5.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-5.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.8.4.json b/docs/security/agent/grype-25.8.4.json index 478e672..55f20c9 100644 --- a/docs/security/agent/grype-25.8.4.json +++ b/docs/security/agent/grype-25.8.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2003,8 +2003,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2097,9 +2097,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2121,7 +2121,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -2164,9 +2164,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2240,123 +2240,120 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.067275 + "advisories": [], + "risk": 0.067405 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.2, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2371,24 +2368,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2402,13 +2396,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2419,120 +2413,123 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2547,21 +2544,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32988", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2575,13 +2575,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2615,8 +2615,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2711,8 +2711,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2815,8 +2815,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2887,8 +2887,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2982,8 +2982,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3041,8 +3041,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3133,8 +3133,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3192,8 +3192,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3295,8 +3295,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -3365,8 +3365,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -3437,58 +3437,241 @@ }, { "vulnerability": { - "id": "CVE-2025-4207", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4207", - "epss": 0.00067, - "percentile": 0.20903, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-4207", - "cwe": "CWE-126", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.036515 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-4207", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-4207/", - "http://www.openwall.com/lists/oss-security/2025/05/09/3", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-4207", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4207", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-4207", + "epss": 0.00067, + "percentile": 0.2095, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-4207", + "cwe": "CWE-126", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.036515 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4207", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4207", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-4207/", + "http://www.openwall.com/lists/oss-security/2025/05/09/3", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html" ], "description": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.", "cvss": [ @@ -3509,8 +3692,8 @@ { "cve": "CVE-2025-4207", "epss": 0.00067, - "percentile": 0.20903, - "date": "2025-12-22" + "percentile": 0.2095, + "date": "2026-01-05" } ], "cwes": [ @@ -3601,8 +3784,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -3648,8 +3831,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -3740,8 +3923,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -3790,8 +3973,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -3881,9 +4064,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3899,7 +4082,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -3930,9 +4113,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -4023,8 +4206,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4071,8 +4254,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4163,8 +4346,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4211,8 +4394,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4291,229 +4474,46 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", - "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" - ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Medium", "urls": [ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", @@ -4540,8 +4540,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4635,8 +4635,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -4678,8 +4678,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4773,8 +4773,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -4821,8 +4821,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -4913,8 +4913,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4974,8 +4974,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -5071,8 +5071,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -5132,8 +5132,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -5228,9 +5228,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -5260,7 +5260,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -5303,9 +5303,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -5412,9 +5412,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -5430,7 +5430,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -5505,8 +5505,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -5571,8 +5571,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -5646,87 +5646,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5743,31 +5710,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5775,24 +5728,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -5806,7 +5756,333 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "ASL 2.0" ], "cpes": [ "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", @@ -5846,8 +6122,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5922,8 +6198,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -6034,8 +6310,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -6108,8 +6384,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -6180,31 +6456,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -6212,48 +6496,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6261,87 +6557,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:0eb5d20b2dd38818489a79d48a0bb6d5c357f22db3ba9ae973ab798676877b5b", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.8.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.8.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "f505131b29c82dcb", + "name": "fluent-bit", + "version": "25.8.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c82e562732b6ed001db279733b6a8aa6795dd443a0fa668089326a727f14aba2", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.8.3:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.8.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6349,48 +6737,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6398,21 +6794,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6426,25 +6822,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6477,8 +6862,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -6531,8 +6916,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -6606,134 +6991,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.8.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.8.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "f505131b29c82dcb", - "name": "fluent-bit", - "version": "25.8.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c82e562732b6ed001db279733b6a8aa6795dd443a0fa668089326a727f14aba2", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.8.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.8.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6741,49 +7031,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -6798,21 +7100,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6826,13 +7128,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6866,8 +7168,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6908,8 +7210,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -7003,8 +7305,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -7045,8 +7347,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -7117,12 +7419,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -7138,18 +7440,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7161,27 +7463,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -7200,18 +7502,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7232,7 +7534,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -7294,8 +7596,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7347,8 +7649,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7439,8 +7741,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7492,8 +7794,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7595,8 +7897,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -7649,8 +7951,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -7752,8 +8054,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -7818,8 +8120,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -7893,39 +8195,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7933,68 +8235,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8002,21 +8290,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8030,14 +8318,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8070,8 +8363,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8118,8 +8411,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8154,8 +8447,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8173,10 +8466,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8215,8 +8508,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8263,8 +8556,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8299,8 +8592,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8318,10 +8611,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8360,8 +8653,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8408,8 +8701,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8444,8 +8737,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8460,13 +8753,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8482,36 +8775,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -8522,44 +8815,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -8569,7 +8876,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8577,21 +8884,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8608,16 +8915,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8650,8 +8952,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -8711,8 +9013,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -8803,8 +9105,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -8871,8 +9173,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -8957,39 +9259,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8997,31 +9299,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -9029,29 +9331,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9072,7 +9374,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -9134,8 +9436,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -9204,8 +9506,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -9279,20 +9581,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9300,16 +9602,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9319,31 +9621,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -9351,10 +9652,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9362,16 +9663,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9388,21 +9689,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9416,13 +9717,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9433,38 +9734,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -9473,59 +9774,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9541,21 +9830,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9569,13 +9858,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9937,87 +10226,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.8.4.md b/docs/security/agent/grype-25.8.4.md index 980ecc9..8be3ac9 100644 --- a/docs/security/agent/grype-25.8.4.md +++ b/docs/security/agent/grype-25.8.4.md @@ -6,6 +6,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | @@ -16,14 +17,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.8.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.8.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -32,13 +33,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -58,13 +60,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.9.1.json b/docs/security/agent/grype-25.9.1.json index dac3417..6c87ff9 100644 --- a/docs/security/agent/grype-25.9.1.json +++ b/docs/security/agent/grype-25.9.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2003,8 +2003,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2097,9 +2097,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2121,7 +2121,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -2164,9 +2164,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2240,123 +2240,120 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.067275 + "advisories": [], + "risk": 0.067405 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.2, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2371,24 +2368,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2402,13 +2396,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2419,120 +2413,123 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2547,21 +2544,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32988", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2575,13 +2575,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2615,8 +2615,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2711,8 +2711,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2815,8 +2815,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2887,8 +2887,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2982,8 +2982,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3041,8 +3041,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3133,8 +3133,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3192,8 +3192,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3295,8 +3295,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -3365,8 +3365,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -3437,49 +3437,232 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 - }, - "relatedVulnerabilities": [ + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ { "id": "CVE-2023-45322", "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", @@ -3510,8 +3693,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -3601,9 +3784,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3619,7 +3802,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -3650,9 +3833,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3743,8 +3926,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3791,8 +3974,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3883,8 +4066,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3931,8 +4114,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4011,257 +4194,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4355,8 +4355,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -4398,8 +4398,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4493,8 +4493,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -4541,8 +4541,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -4633,8 +4633,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4694,8 +4694,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4791,8 +4791,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4852,8 +4852,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4948,9 +4948,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4980,7 +4980,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -5023,9 +5023,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -5132,9 +5132,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -5150,7 +5150,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -5225,8 +5225,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -5291,8 +5291,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -5366,87 +5366,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5463,31 +5430,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5495,23 +5448,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5566,8 +5842,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5642,8 +5918,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5754,8 +6030,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5828,8 +6104,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5900,31 +6176,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5932,48 +6216,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5981,87 +6277,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:edd45c7762182a07027035e2eb9b73574f64ed728decb7abff3b667f77c65985", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.9.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7ec05d44026a65c9", + "name": "fluent-bit", + "version": "25.9.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8442b5a44d28024b94dff946aede2c517c658b384710f936c677e1d4568a8960", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.9.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6069,48 +6457,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6118,21 +6514,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6146,25 +6542,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6197,8 +6582,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -6251,8 +6636,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -6326,134 +6711,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.9.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "7ec05d44026a65c9", - "name": "fluent-bit", - "version": "25.9.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8442b5a44d28024b94dff946aede2c517c658b384710f936c677e1d4568a8960", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.9.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6461,49 +6751,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -6518,21 +6820,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6546,13 +6848,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6586,8 +6888,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6628,8 +6930,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6723,8 +7025,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6765,8 +7067,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6837,12 +7139,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6858,18 +7160,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6881,27 +7183,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6920,18 +7222,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6952,7 +7254,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -7014,8 +7316,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7067,8 +7369,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7159,8 +7461,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7212,8 +7514,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7315,8 +7617,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -7369,8 +7671,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -7472,8 +7774,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -7538,8 +7840,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -7613,39 +7915,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7653,68 +7955,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7722,21 +8010,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7750,14 +8038,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7790,8 +8083,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7838,8 +8131,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7874,8 +8167,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7893,10 +8186,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7935,8 +8228,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7983,8 +8276,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8019,8 +8312,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8038,10 +8331,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8080,8 +8373,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8128,8 +8421,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8164,8 +8457,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8180,13 +8473,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8202,36 +8495,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -8242,44 +8535,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -8289,7 +8596,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8297,21 +8604,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8328,16 +8635,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8370,8 +8672,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -8431,8 +8733,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -8523,8 +8825,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -8591,8 +8893,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -8677,39 +8979,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8717,31 +9019,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8749,29 +9051,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8792,7 +9094,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8854,8 +9156,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8924,8 +9226,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8999,20 +9301,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9020,16 +9322,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9039,31 +9341,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -9071,10 +9372,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9082,16 +9383,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9108,21 +9409,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9136,13 +9437,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9153,38 +9454,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -9193,59 +9494,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9261,21 +9550,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9289,13 +9578,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9657,87 +9946,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.9.1.md b/docs/security/agent/grype-25.9.1.md index ecdfff0..936f0ec 100644 --- a/docs/security/agent/grype-25.9.1.md +++ b/docs/security/agent/grype-25.9.1.md @@ -6,6 +6,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | @@ -14,14 +15,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.9.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.9.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -30,13 +31,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -56,13 +58,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.9.2.json b/docs/security/agent/grype-25.9.2.json index 773802f..e0cd1a4 100644 --- a/docs/security/agent/grype-25.9.2.json +++ b/docs/security/agent/grype-25.9.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2003,8 +2003,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2097,9 +2097,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2121,7 +2121,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -2164,9 +2164,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2240,123 +2240,120 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.067275 + "advisories": [], + "risk": 0.067405 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.2, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2371,24 +2368,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2402,13 +2396,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2419,120 +2413,123 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2547,21 +2544,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32988", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2575,13 +2575,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2615,8 +2615,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2711,8 +2711,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2815,8 +2815,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2887,8 +2887,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2982,8 +2982,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3041,8 +3041,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3133,8 +3133,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3192,8 +3192,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3295,8 +3295,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -3365,8 +3365,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -3437,49 +3437,232 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 - }, - "relatedVulnerabilities": [ + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ { "id": "CVE-2023-45322", "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", @@ -3510,8 +3693,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -3601,9 +3784,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3619,7 +3802,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -3650,9 +3833,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3743,8 +3926,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3791,8 +3974,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3883,8 +4066,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3931,8 +4114,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4011,257 +4194,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4355,8 +4355,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -4398,8 +4398,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4493,8 +4493,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -4541,8 +4541,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -4633,8 +4633,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4694,8 +4694,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4791,8 +4791,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4852,8 +4852,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4948,9 +4948,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4980,7 +4980,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -5023,9 +5023,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -5132,9 +5132,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -5150,7 +5150,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -5225,8 +5225,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -5291,8 +5291,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -5366,87 +5366,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5463,31 +5430,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5495,23 +5448,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5566,8 +5842,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5642,8 +5918,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5754,8 +6030,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5828,8 +6104,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5900,31 +6176,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5932,48 +6216,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5981,87 +6277,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31a5b734e9d4104fb0b3d7e1a5c0073993812555c6fb7ab75c73300346a1cc7e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.9.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "58af988a1255396e", + "name": "fluent-bit", + "version": "25.9.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:90bec9ed97aa346515702a2197a2da4cda02cac9278d78746f60f22f58f5da88", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.9.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6069,48 +6457,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6118,21 +6514,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6146,25 +6542,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6197,8 +6582,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -6251,8 +6636,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -6326,134 +6711,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.9.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "58af988a1255396e", - "name": "fluent-bit", - "version": "25.9.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:90bec9ed97aa346515702a2197a2da4cda02cac9278d78746f60f22f58f5da88", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.9.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6461,49 +6751,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -6518,21 +6820,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6546,13 +6848,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6586,8 +6888,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6628,8 +6930,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6723,8 +7025,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6765,8 +7067,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6837,12 +7139,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6858,18 +7160,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6881,27 +7183,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6920,18 +7222,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6952,7 +7254,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -7014,8 +7316,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7067,8 +7369,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7159,8 +7461,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7212,8 +7514,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7315,8 +7617,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -7369,8 +7671,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -7472,8 +7774,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -7538,8 +7840,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -7613,39 +7915,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7653,68 +7955,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7722,21 +8010,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7750,14 +8038,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7790,8 +8083,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7838,8 +8131,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7874,8 +8167,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7893,10 +8186,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7935,8 +8228,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7983,8 +8276,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8019,8 +8312,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8038,10 +8331,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8080,8 +8373,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8128,8 +8421,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8164,8 +8457,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8180,13 +8473,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8202,36 +8495,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -8242,44 +8535,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -8289,7 +8596,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8297,21 +8604,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8328,16 +8635,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8370,8 +8672,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -8431,8 +8733,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -8523,8 +8825,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -8591,8 +8893,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -8677,39 +8979,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8717,31 +9019,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8749,29 +9051,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8792,7 +9094,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8854,8 +9156,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8924,8 +9226,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8999,20 +9301,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9020,16 +9322,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9039,31 +9341,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -9071,10 +9372,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9082,16 +9383,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9108,21 +9409,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9136,13 +9437,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9153,38 +9454,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -9193,59 +9494,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9261,21 +9550,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9289,13 +9578,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9657,87 +9946,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.9.2.md b/docs/security/agent/grype-25.9.2.md index 89d3bf0..7442d25 100644 --- a/docs/security/agent/grype-25.9.2.md +++ b/docs/security/agent/grype-25.9.2.md @@ -6,6 +6,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | @@ -14,14 +15,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.9.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.9.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -30,13 +31,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -56,13 +58,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.9.3.json b/docs/security/agent/grype-25.9.3.json index a45ad48..0763b46 100644 --- a/docs/security/agent/grype-25.9.3.json +++ b/docs/security/agent/grype-25.9.3.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2003,8 +2003,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -2097,9 +2097,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2121,7 +2121,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -2164,9 +2164,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2240,123 +2240,120 @@ }, { "vulnerability": { - "id": "CVE-2025-32988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.8.3-6.el9_6.2" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.8.3-6.el9_6.2", - "date": "2025-09-18", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:16116", - "link": "https://access.redhat.com/errata/RHSA-2025:16116" - } - ], - "risk": 0.067275 + "advisories": [], + "risk": 0.067405 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-32988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:16115", - "https://access.redhat.com/errata/RHSA-2025:16116", - "https://access.redhat.com/errata/RHSA-2025:17181", - "https://access.redhat.com/errata/RHSA-2025:17348", - "https://access.redhat.com/errata/RHSA-2025:17361", - "https://access.redhat.com/errata/RHSA-2025:17415", - "https://access.redhat.com/errata/RHSA-2025:19088", - "https://access.redhat.com/errata/RHSA-2025:22529", - "https://access.redhat.com/security/cve/CVE-2025-32988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", - "http://www.openwall.com/lists/oss-security/2025/07/11/3", - "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.2, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.3, - "impactScore": 4.3 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-32988", - "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "cve": "CVE-2025-27113", + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-32988", - "cwe": "CWE-415", - "source": "secalert@redhat.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2371,24 +2368,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-32988", - "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.8.3-6.el9_6.2" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1f56fd24429e9f5d", - "name": "gnutls", - "version": "3.8.3-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2402,13 +2396,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2419,120 +2413,123 @@ }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-32988", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.8.3-6.el9_6.2" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.8.3-6.el9_6.2", + "date": "2025-09-18", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2025:16116", + "link": "https://access.redhat.com/errata/RHSA-2025:16116" + } + ], + "risk": 0.067275 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-32988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://access.redhat.com/errata/RHSA-2025:16115", + "https://access.redhat.com/errata/RHSA-2025:16116", + "https://access.redhat.com/errata/RHSA-2025:17181", + "https://access.redhat.com/errata/RHSA-2025:17348", + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:17415", + "https://access.redhat.com/errata/RHSA-2025:19088", + "https://access.redhat.com/errata/RHSA-2025:22529", + "https://access.redhat.com/security/cve/CVE-2025-32988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", + "http://www.openwall.com/lists/oss-security/2025/07/11/3", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 7.5, + "baseScore": 8.2, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.3, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "cve": "CVE-2025-32988", + "epss": 0.00117, + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-32988", + "cwe": "CWE-415", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2547,21 +2544,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnutls", + "version": "0:3.8.3-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-32988", + "versionConstraint": "< 0:3.8.3-6.el9_6.2 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.8.3-6.el9_6.2" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "1f56fd24429e9f5d", + "name": "gnutls", + "version": "3.8.3-6.el9", "type": "rpm", "locations": [ { @@ -2575,13 +2575,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2615,8 +2615,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2711,8 +2711,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2815,8 +2815,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2887,8 +2887,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -2982,8 +2982,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3041,8 +3041,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3133,8 +3133,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3192,8 +3192,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -3295,8 +3295,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -3365,8 +3365,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -3437,49 +3437,232 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 - }, - "relatedVulnerabilities": [ + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ { "id": "CVE-2023-45322", "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", @@ -3510,8 +3693,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -3601,9 +3784,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3619,7 +3802,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -3650,9 +3833,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3743,8 +3926,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3791,8 +3974,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3883,8 +4066,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3931,8 +4114,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -4011,257 +4194,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4355,8 +4355,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -4398,8 +4398,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -4493,8 +4493,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -4541,8 +4541,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -4633,8 +4633,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4694,8 +4694,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4791,8 +4791,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4852,8 +4852,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4948,9 +4948,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4980,7 +4980,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -5023,9 +5023,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -5132,9 +5132,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -5150,7 +5150,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -5225,8 +5225,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -5291,8 +5291,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -5366,87 +5366,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -5463,31 +5430,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5495,23 +5448,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5566,8 +5842,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5642,8 +5918,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5754,8 +6030,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5828,8 +6104,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5900,31 +6176,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5932,48 +6216,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5981,87 +6277,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:de18c09dd5fcfc989af528cd3e121a5e6b07cce0fbd4d56e9fe657c716887cd6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.9.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "893c087a71570293", + "name": "fluent-bit", + "version": "25.9.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8433e8dc9fa8d345e683f2ad359bc76a41d7c8b7dd728c394c696f765a13dd2e", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.9.3:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.9.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -6069,48 +6457,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6118,21 +6514,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -6146,25 +6542,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6197,8 +6582,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -6251,8 +6636,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -6326,134 +6711,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.9.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "893c087a71570293", - "name": "fluent-bit", - "version": "25.9.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8433e8dc9fa8d345e683f2ad359bc76a41d7c8b7dd728c394c696f765a13dd2e", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.9.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6461,49 +6751,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -6518,21 +6820,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6546,13 +6848,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6586,8 +6888,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6628,8 +6930,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6723,8 +7025,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6765,8 +7067,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6837,12 +7139,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6858,18 +7160,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6881,27 +7183,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6920,18 +7222,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6952,7 +7254,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -7014,8 +7316,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7067,8 +7369,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7159,8 +7461,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7212,8 +7514,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -7315,8 +7617,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -7369,8 +7671,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -7472,8 +7774,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -7538,8 +7840,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -7613,39 +7915,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -7653,68 +7955,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7722,21 +8010,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7750,14 +8038,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7790,8 +8083,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7838,8 +8131,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7874,8 +8167,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7893,10 +8186,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7935,8 +8228,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7983,8 +8276,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8019,8 +8312,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8038,10 +8331,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8080,8 +8373,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8128,8 +8421,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -8164,8 +8457,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8180,13 +8473,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8202,36 +8495,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -8242,44 +8535,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -8289,7 +8596,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8297,21 +8604,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8328,16 +8635,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8370,8 +8672,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -8431,8 +8733,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -8523,8 +8825,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -8591,8 +8893,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -8677,39 +8979,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8717,31 +9019,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8749,29 +9051,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8792,7 +9094,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8854,8 +9156,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8924,8 +9226,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8999,20 +9301,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9020,16 +9322,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9039,31 +9341,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -9071,10 +9372,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -9082,16 +9383,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9108,21 +9409,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -9136,13 +9437,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9153,38 +9454,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -9193,59 +9494,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9261,21 +9550,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9289,13 +9578,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9662,87 +9951,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.9.3.md b/docs/security/agent/grype-25.9.3.md index b0b1842..6ff91ee 100644 --- a/docs/security/agent/grype-25.9.3.md +++ b/docs/security/agent/grype-25.9.3.md @@ -6,6 +6,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990) | Medium | | gnutls | 3.8.3-6.el9 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | Medium | @@ -14,14 +15,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.1 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.9.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.9.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -30,13 +31,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -56,13 +58,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.9.4.json b/docs/security/agent/grype-25.9.4.json index 00d4fa4..d874314 100644 --- a/docs/security/agent/grype-25.9.4.json +++ b/docs/security/agent/grype-25.9.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:31c1d80278b580350ac8dcff6fe6fff4776f3eaaed9a4d70f5626a0a79f96cb2", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.9.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.9.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7faadc7dc528bd4d", + "name": "fluent-bit", + "version": "25.9.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:03fc448e5d6d708cd04f10e80a7b55f1d073a9fc4614adffa1802d4f415756eb", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.9.4:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.9.4", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.9.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "7faadc7dc528bd4d", - "name": "fluent-bit", - "version": "25.9.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:03fc448e5d6d708cd04f10e80a7b55f1d073a9fc4614adffa1802d4f415756eb", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.9.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.9.4", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8972,87 +9261,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.9.4.md b/docs/security/agent/grype-25.9.4.md index 4288986..49b14a3 100644 --- a/docs/security/agent/grype-25.9.4.md +++ b/docs/security/agent/grype-25.9.4.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.9.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.9.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.9.5.json b/docs/security/agent/grype-25.9.5.json index 0c8fa62..e9f8f74 100644 --- a/docs/security/agent/grype-25.9.5.json +++ b/docs/security/agent/grype-25.9.5.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89434, - "date": "2025-12-22" + "percentile": 0.89455, + "date": "2026-01-05" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -349,95 +349,112 @@ }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -445,21 +462,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -473,105 +490,133 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-41996", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", + "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.4165200000000001 + "risk": 0.38346 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-41996", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", + "id": "CVE-2024-7264", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://dheatattack.gitlab.io/details/", - "https://dheatattack.gitlab.io/faq/", - "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" + "http://www.openwall.com/lists/oss-security/2024/07/31/1", + "https://curl.se/docs/CVE-2024-7264.html", + "https://curl.se/docs/CVE-2024-7264.json", + "https://hackerone.com/reports/2629968", + "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", + "https://security.netapp.com/advisory/ntap-20240828-0008/", + "https://security.netapp.com/advisory/ntap-20241025-0006/", + "https://security.netapp.com/advisory/ntap-20241025-0010/" ], - "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", + "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-41996", - "epss": 0.00936, - "percentile": 0.75593, - "date": "2025-12-22" + "cve": "CVE-2024-7264", + "epss": 0.00924, + "percentile": 0.75482, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-41996", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2024-7264", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -586,21 +631,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-41996", + "vulnerabilityID": "CVE-2024-7264", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -614,28 +659,28 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -665,8 +710,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -721,8 +766,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74263, - "date": "2025-12-22" + "percentile": 0.7431, + "date": "2026-01-05" } ], "cwes": [ @@ -790,112 +835,95 @@ }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -903,21 +931,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -931,133 +959,105 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-7264", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-41996", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", + "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.1, - "impactScore": 4.3 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.33034 + "risk": 0.2621050000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-7264", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264", + "id": "CVE-2024-41996", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.openwall.com/lists/oss-security/2024/07/31/1", - "https://curl.se/docs/CVE-2024-7264.html", - "https://curl.se/docs/CVE-2024-7264.json", - "https://hackerone.com/reports/2629968", - "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", - "https://security.netapp.com/advisory/ntap-20240828-0008/", - "https://security.netapp.com/advisory/ntap-20241025-0006/", - "https://security.netapp.com/advisory/ntap-20241025-0010/" + "https://dheatattack.gitlab.io/details/", + "https://dheatattack.gitlab.io/faq/", + "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1" ], - "description": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", + "description": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-7264", - "epss": 0.00796, - "percentile": 0.73412, - "date": "2025-12-22" + "cve": "CVE-2024-41996", + "epss": 0.00589, + "percentile": 0.68494, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-7264", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-41996", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } @@ -1072,21 +1072,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-7264", + "vulnerabilityID": "CVE-2024-41996", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -1100,28 +1100,28 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -1151,8 +1151,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1222,8 +1222,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1325,8 +1325,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1396,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.6819, - "date": "2025-12-22" + "percentile": 0.68212, + "date": "2026-01-05" } ], "cwes": [ @@ -1499,8 +1499,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1544,8 +1544,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1639,8 +1639,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ], "fix": { @@ -1684,8 +1684,8 @@ { "cve": "CVE-2024-11053", "epss": 0.00337, - "percentile": 0.56012, - "date": "2025-12-22" + "percentile": 0.55986, + "date": "2026-01-05" } ] } @@ -1779,8 +1779,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1827,8 +1827,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00259, - "percentile": 0.49054, - "date": "2025-12-22" + "percentile": 0.49003, + "date": "2026-01-05" } ], "cwes": [ @@ -1918,9 +1918,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -1942,7 +1942,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0759 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { @@ -1985,9 +1985,9 @@ "epss": [ { "cve": "CVE-2023-32636", - "epss": 0.00165, - "percentile": 0.38076, - "date": "2025-12-22" + "epss": 0.00179, + "percentile": 0.39773, + "date": "2026-01-05" } ], "cwes": [ @@ -2083,9 +2083,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2107,7 +2107,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.066185 + "risk": 0.067405 }, "relatedVulnerabilities": [ { @@ -2158,9 +2158,9 @@ "epss": [ { "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44282, - "date": "2025-12-22" + "epss": 0.00221, + "percentile": 0.44619, + "date": "2026-01-05" } ], "cwes": [ @@ -2257,8 +2257,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2353,8 +2353,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.42125, - "date": "2025-12-22" + "percentile": 0.42034, + "date": "2026-01-05" } ], "cwes": [ @@ -2457,8 +2457,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2516,8 +2516,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2608,8 +2608,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2667,8 +2667,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32294, - "date": "2025-12-22" + "percentile": 0.32228, + "date": "2026-01-05" } ], "cwes": [ @@ -2747,63 +2747,246 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.03382000000000001 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.043320000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" + ], + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-6965", + "epss": 0.00057, + "percentile": 0.18048, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" + } + } + ], + "artifact": { + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Public Domain" + ], + "cpes": [ + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-8.el9_6" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.23155, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03382000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + ], + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "cvss": [ + { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", @@ -2820,8 +3003,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.23191, - "date": "2025-12-22" + "percentile": 0.23155, + "date": "2026-01-05" } ], "cwes": [ @@ -2911,9 +3094,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -2929,7 +3112,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.029814999999999994 + "risk": 0.033499999999999995 }, "relatedVulnerabilities": [ { @@ -2960,9 +3143,9 @@ "epss": [ { "cve": "CVE-2025-3360", - "epss": 0.00089, - "percentile": 0.25962, - "date": "2025-12-22" + "epss": 0.001, + "percentile": 0.28353, + "date": "2026-01-05" } ], "cwes": [ @@ -3053,8 +3236,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3101,8 +3284,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3193,8 +3376,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3241,8 +3424,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00061, - "percentile": 0.19171, - "date": "2025-12-22" + "percentile": 0.192, + "date": "2026-01-05" } ], "cwes": [ @@ -3321,257 +3504,74 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.02508 + "advisories": [], + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve-coordination@google.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", - "metrics": { - "baseScore": 7.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6965", - "epss": 0.00033, - "percentile": 0.0922, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" - } - } - ], - "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Public Domain" - ], - "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.024225 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" - ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ + } + ], + "epss": [ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3665,8 +3665,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ], "fix": { @@ -3708,8 +3708,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15927, - "date": "2025-12-22" + "percentile": 0.15937, + "date": "2026-01-05" } ] } @@ -3803,8 +3803,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3851,8 +3851,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00037, - "percentile": 0.10696, - "date": "2025-12-22" + "percentile": 0.10659, + "date": "2026-01-05" } ], "cwes": [ @@ -3943,8 +3943,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4004,8 +4004,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4101,8 +4101,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4162,8 +4162,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -4258,9 +4258,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4290,7 +4290,7 @@ "link": "https://access.redhat.com/errata/RHSA-2025:22660" } ], - "risk": 0.02037 + "risk": 0.019885 }, "relatedVulnerabilities": [ { @@ -4333,9 +4333,9 @@ "epss": [ { "cve": "CVE-2025-4598", - "epss": 0.00042, - "percentile": 0.1258, - "date": "2025-12-22" + "epss": 0.00041, + "percentile": 0.12203, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,9 +4442,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" } ], "cwes": [ @@ -4460,7 +4460,7 @@ "state": "" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0147 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4535,8 +4535,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4601,8 +4601,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00031, - "percentile": 0.08434, - "date": "2025-12-22" + "percentile": 0.08471, + "date": "2026-01-05" } ], "cwes": [ @@ -4676,87 +4676,54 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.013779999999999999 + "advisories": [], + "risk": 0.013905000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -4773,31 +4740,17 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4805,23 +4758,346 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013905000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.013779999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" + } + } + ], + "artifact": { + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -4876,8 +5152,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -4952,8 +5228,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -5064,8 +5340,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5138,8 +5414,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00024, - "percentile": 0.05734, - "date": "2025-12-22" + "percentile": 0.05711, + "date": "2026-01-05" } ], "cwes": [ @@ -5210,31 +5486,39 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -5242,48 +5526,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" - ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02887, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5291,87 +5587,179 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-68973", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:fccb81fb540d5b4e467b87b6d604c622913310c0660cbde4906373164f0362a6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" + ], + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b5475bc3eb40a3d2", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:3553ce02da5ad4f104ed57abc2cb09f0cd23d66a84911b9afaf204f439adfaf8", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\nhostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -5379,48 +5767,56 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01133 + "risk": 0.010795 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-13601", + "epss": 0.00017, + "percentile": 0.03076, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5428,21 +5824,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-13601", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -5456,25 +5852,14 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-31.el9_6.1" - } + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5507,8 +5892,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5561,8 +5946,8 @@ { "cve": "CVE-2025-60753", "epss": 0.0002, - "percentile": 0.04698, - "date": "2025-12-22" + "percentile": 0.04611, + "date": "2026-01-05" } ], "cwes": [ @@ -5636,134 +6021,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "b5475bc3eb40a3d2", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:3553ce02da5ad4f104ed57abc2cb09f0cd23d66a84911b9afaf204f439adfaf8", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5771,49 +6061,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.009525 + "risk": 0.010349999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00015, - "percentile": 0.02479, - "date": "2025-12-22" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.07999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5828,21 +6130,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5856,13 +6158,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5896,8 +6198,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -5938,8 +6240,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6033,8 +6335,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6075,8 +6377,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -6147,12 +6449,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -6168,18 +6470,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6191,27 +6493,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -6230,18 +6532,18 @@ ], "epss": [ { - "cve": "CVE-2025-5915", + "cve": "CVE-2025-5916", "epss": 0.00026, - "percentile": 0.06524, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6262,7 +6564,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -6324,8 +6626,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6377,8 +6679,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6771,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6522,8 +6824,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -6625,8 +6927,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6679,8 +6981,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03938, - "date": "2025-12-22" + "percentile": 0.0387, + "date": "2026-01-05" } ], "cwes": [ @@ -6782,8 +7084,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6848,8 +7150,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00016, - "percentile": 0.0275, - "date": "2025-12-22" + "percentile": 0.02737, + "date": "2026-01-05" } ], "cwes": [ @@ -6923,39 +7225,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -6963,68 +7265,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007935 + "risk": 0.007769999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00023, - "percentile": 0.05385, - "date": "2025-12-22" + "cve": "CVE-2025-14104", + "epss": 0.00014, + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7032,21 +7320,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7060,14 +7348,19 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7100,8 +7393,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7148,8 +7441,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7184,8 +7477,8 @@ } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7203,10 +7496,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7245,8 +7538,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7293,8 +7586,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7329,8 +7622,8 @@ } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7348,10 +7641,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7390,8 +7683,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7438,8 +7731,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "percentile": 0.01829, + "date": "2026-01-05" } ], "cwes": [ @@ -7474,8 +7767,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "07c41562e2bee55f", + "name": "libuuid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7490,13 +7783,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7512,36 +7805,36 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7552,44 +7845,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007769999999999997 + "risk": 0.007245 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00014, - "percentile": 0.01842, - "date": "2025-12-22" + "cve": "CVE-2025-5918", + "epss": 0.00021, + "percentile": 0.04897, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Primary" @@ -7599,7 +7906,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7607,21 +7914,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7638,16 +7945,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7680,8 +7982,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7741,8 +8043,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06045, - "date": "2025-12-22" + "percentile": 0.06061, + "date": "2026-01-05" } ], "cwes": [ @@ -7833,8 +8135,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7901,8 +8203,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03788, - "date": "2025-12-22" + "percentile": 0.03715, + "date": "2026-01-05" } ], "cwes": [ @@ -7987,39 +8289,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8027,31 +8329,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006554999999999999 + "risk": 0.006379999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8059,29 +8361,29 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5918", - "epss": 0.00019, - "percentile": 0.04157, - "date": "2025-12-22" + "cve": "CVE-2025-5917", + "epss": 0.00022, + "percentile": 0.0517, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8102,7 +8404,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -8164,8 +8466,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8234,8 +8536,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.01634, - "date": "2025-12-22" + "percentile": 0.01615, + "date": "2026-01-05" } ], "cwes": [ @@ -8309,20 +8611,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8330,16 +8632,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8349,31 +8651,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00551 + "risk": 0.005225000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -8381,10 +8682,10 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.5, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8392,16 +8693,16 @@ ], "epss": [ { - "cve": "CVE-2025-5917", + "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.04404, - "date": "2025-12-22" + "percentile": 0.04092, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8418,21 +8719,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -8446,13 +8747,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8463,38 +8764,38 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -8503,59 +8804,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004675 + "risk": 0.0032700000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 1.5, + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.00017, - "percentile": 0.03418, - "date": "2025-12-22" + "cve": "CVE-2025-68972", + "epss": 0.00006, + "percentile": 0.00304, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -8571,21 +8860,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2025-68972", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8599,13 +8888,13 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8972,87 +9261,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/agent/grype-25.9.5.md b/docs/security/agent/grype-25.9.5.md index c9eee5a..6e289fa 100644 --- a/docs/security/agent/grype-25.9.5.md +++ b/docs/security/agent/grype-25.9.5.md @@ -6,18 +6,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | +| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | @@ -26,13 +27,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libmount | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libsmartcols | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | | libuuid | 2.37.4-21.el9 | [CVE-2025-14104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14104) | Medium | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68972) | Medium | | shadow-utils | 2:4.9-12.el9 | [CVE-2024-56433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433) | Low | | openldap | 2.6.8-4.el9 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-7264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2024-34459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-9681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681) | Low | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2024-11053](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11053) | Low | @@ -52,13 +54,13 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-latest.md b/docs/security/agent/grype-latest.md index 5c0fabd..26ebdea 100644 --- a/docs/security/agent/grype-latest.md +++ b/docs/security/agent/grype-latest.md @@ -1,6 +1,7 @@ ## Known agent vulnerabilities -High and critical vulnerabilities not triaged for the latest version (ghcr.io/fluentdo/agent:25.12.4) of the agent are shown below, as reported by Grype. +High and critical vulnerabilities not triaged for the latest version (ghcr.io/fluentdo/agent:26.1.1) of the agent are shown below, as reported by Grype. | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | +| gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | diff --git a/docs/security/oss/grype-4.0.10.json b/docs/security/oss/grype-4.0.10.json index 62ae5c8..c044e4e 100644 --- a/docs/security/oss/grype-4.0.10.json +++ b/docs/security/oss/grype-4.0.10.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -850,8 +850,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -910,8 +910,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1005,8 +1005,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1059,8 +1059,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1148,8 +1148,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { @@ -1192,8 +1192,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -1247,6 +1247,153 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.034550000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1273,8 +1420,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -1320,8 +1467,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1543,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ @@ -1458,8 +1605,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ @@ -1530,8 +1677,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1590,8 +1737,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1675,8 +1822,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1735,8 +1882,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1811,8 +1958,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1871,8 +2018,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1952,8 +2099,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2012,8 +2159,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2075,6 +2222,130 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.020249999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:b4a39b70e964ebebbece567bb17d6f8248c6267b5bda8c42de06b7037fa560b5", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-9230", @@ -2101,8 +2372,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -2177,8 +2448,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -2282,9 +2553,9 @@ "epss": [ { "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" } ], "cwes": [ @@ -2300,7 +2571,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.01875 }, "relatedVulnerabilities": [ { @@ -2346,9 +2617,9 @@ "epss": [ { "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" } ], "cwes": [ @@ -2429,259 +2700,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.10:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.10" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c8c4e760545d2696", - "name": "fluent-bit", - "version": "4.0.10", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:6cd17e1289b73b928c1b35654d340f2f95800110b8da1e27f3c38c3fd8da87ff", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.10:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.10", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0178 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010025", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-1010023", @@ -2695,8 +2713,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -2762,8 +2780,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -2838,21 +2856,21 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-9232", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2860,10 +2878,293 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.01526 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" + } + } + ], + "artifact": { + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:b4a39b70e964ebebbece567bb17d6f8248c6267b5bda8c42de06b7037fa560b5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.10:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.10" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c8c4e760545d2696", + "name": "fluent-bit", + "version": "4.0.10", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:6cd17e1289b73b928c1b35654d340f2f95800110b8da1e27f3c38c3fd8da87ff", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.10:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.10", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "namespace": "debian:distro:debian:12", + "severity": "Low", + "urls": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.13998, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { @@ -2871,41 +3172,46 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.0165 + "risk": 0.014029999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.13998, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2920,27 +3226,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-12817", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:b4a39b70e964ebebbece567bb17d6f8248c6267b5bda8c42de06b7037fa560b5", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2949,37 +3255,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -2989,32 +3295,43 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -3022,16 +3339,16 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3054,7 +3371,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -3108,85 +3425,57 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.01526 + "advisories": [], + "risk": 0.011100000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -3197,17 +3486,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -3215,7 +3504,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3223,187 +3512,122 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:b4a39b70e964ebebbece567bb17d6f8248c6267b5bda8c42de06b7037fa560b5", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", - "namespace": "debian:distro:debian:12", - "severity": "Low", - "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.011025000000000002 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" - ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.10:*:*:*:*:*:*:*" + ], "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.10" + } }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", + "id": "c8c4e760545d2696", + "name": "fluent-bit", + "version": "4.0.10", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:b4a39b70e964ebebbece567bb17d6f8248c6267b5bda8c42de06b7037fa560b5", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:6cd17e1289b73b928c1b35654d340f2f95800110b8da1e27f3c38c3fd8da87ff", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -3412,14 +3636,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.10", + "upstreams": [] } }, { @@ -3435,8 +3655,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ @@ -3500,8 +3720,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ @@ -3585,8 +3805,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3633,8 +3853,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3718,8 +3938,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3766,8 +3986,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3842,8 +4062,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3890,8 +4110,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3971,8 +4191,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4019,8 +4239,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4095,8 +4315,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ @@ -4152,8 +4372,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ @@ -4215,225 +4435,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.10:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.10" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c8c4e760545d2696", - "name": "fluent-bit", - "version": "4.0.10", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:6cd17e1289b73b928c1b35654d340f2f95800110b8da1e27f3c38c3fd8da87ff", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.10:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.10", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0095 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:b4a39b70e964ebebbece567bb17d6f8248c6267b5bda8c42de06b7037fa560b5", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4447,8 +4448,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -4509,8 +4510,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -4604,8 +4605,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4671,8 +4672,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4753,8 +4754,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4820,8 +4821,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4898,8 +4899,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -4958,8 +4959,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -5043,8 +5044,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5093,8 +5094,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5169,8 +5170,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5219,8 +5220,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5291,8 +5292,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5341,8 +5342,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5417,8 +5418,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5467,8 +5468,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5539,8 +5540,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5587,8 +5588,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5672,8 +5673,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5720,8 +5721,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5796,8 +5797,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5844,8 +5845,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5925,8 +5926,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5973,8 +5974,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -6049,8 +6050,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6116,8 +6117,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6198,8 +6199,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6265,8 +6266,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6343,8 +6344,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6404,8 +6405,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6512,8 +6513,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6573,8 +6574,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6649,8 +6650,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6710,8 +6711,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6814,8 +6815,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6875,8 +6876,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6974,8 +6975,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7035,8 +7036,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7134,8 +7135,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -7182,8 +7183,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -7279,8 +7280,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -7321,8 +7322,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -7762,87 +7763,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.10.md b/docs/security/oss/grype-4.0.10.md index 33919c6..d2aaeb2 100644 --- a/docs/security/oss/grype-4.0.10.md +++ b/docs/security/oss/grype-4.0.10.md @@ -6,12 +6,12 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| fluent-bit | 4.0.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| fluent-bit | 4.0.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.0.10 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | @@ -20,22 +20,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.11.json b/docs/security/oss/grype-4.0.11.json index db03f17..65f99d6 100644 --- a/docs/security/oss/grype-4.0.11.json +++ b/docs/security/oss/grype-4.0.11.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -850,8 +850,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -910,8 +910,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1005,8 +1005,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1059,8 +1059,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1148,8 +1148,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { @@ -1192,8 +1192,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -1247,6 +1247,153 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.034550000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1273,8 +1420,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -1320,8 +1467,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1543,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ @@ -1458,8 +1605,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ @@ -1530,8 +1677,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1590,8 +1737,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1675,8 +1822,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1735,8 +1882,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1811,8 +1958,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1871,8 +2018,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1952,8 +2099,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2012,8 +2159,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2075,6 +2222,130 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.020249999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:43789fe97f5566d641028c0fae496e6c7e5e76709b6cf6b2a7768453a3915cfb", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-9230", @@ -2101,8 +2372,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -2177,8 +2448,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ @@ -2282,9 +2553,9 @@ "epss": [ { "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" } ], "cwes": [ @@ -2300,7 +2571,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.01875 }, "relatedVulnerabilities": [ { @@ -2346,9 +2617,9 @@ "epss": [ { "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" } ], "cwes": [ @@ -2429,259 +2700,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.11:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.11" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "86591243b4277610", - "name": "fluent-bit", - "version": "4.0.11", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:df68301c9d83f18ff9a258bbf882ee83e959ab0d557bef9ab914824bebd89327", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.11:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.11", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0178 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010025", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-1010023", @@ -2695,8 +2713,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -2762,8 +2780,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -2838,21 +2856,21 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-9232", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2860,10 +2878,293 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.01526 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" + } + } + ], + "artifact": { + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:43789fe97f5566d641028c0fae496e6c7e5e76709b6cf6b2a7768453a3915cfb", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.11:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.11" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "86591243b4277610", + "name": "fluent-bit", + "version": "4.0.11", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:df68301c9d83f18ff9a258bbf882ee83e959ab0d557bef9ab914824bebd89327", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.11:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.11", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "namespace": "debian:distro:debian:12", + "severity": "Low", + "urls": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.13998, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { @@ -2871,41 +3172,46 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.0165 + "risk": 0.014029999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.13998, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2920,27 +3226,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-12817", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:43789fe97f5566d641028c0fae496e6c7e5e76709b6cf6b2a7768453a3915cfb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2949,37 +3255,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -2989,32 +3295,43 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -3022,16 +3339,16 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3054,7 +3371,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -3108,85 +3425,57 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.01526 + "advisories": [], + "risk": 0.011100000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -3197,17 +3486,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -3215,7 +3504,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3223,187 +3512,122 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:43789fe97f5566d641028c0fae496e6c7e5e76709b6cf6b2a7768453a3915cfb", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", - "namespace": "debian:distro:debian:12", - "severity": "Low", - "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.011025000000000002 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" - ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.11:*:*:*:*:*:*:*" + ], "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.11" + } }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", + "id": "86591243b4277610", + "name": "fluent-bit", + "version": "4.0.11", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:43789fe97f5566d641028c0fae496e6c7e5e76709b6cf6b2a7768453a3915cfb", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:df68301c9d83f18ff9a258bbf882ee83e959ab0d557bef9ab914824bebd89327", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -3412,14 +3636,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.11:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.11", + "upstreams": [] } }, { @@ -3435,8 +3655,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ @@ -3500,8 +3720,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ @@ -3585,8 +3805,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3633,8 +3853,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3718,8 +3938,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3766,8 +3986,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3842,8 +4062,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3890,8 +4110,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3971,8 +4191,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4019,8 +4239,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4095,8 +4315,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ @@ -4152,8 +4372,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ @@ -4215,225 +4435,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.11:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.11" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "86591243b4277610", - "name": "fluent-bit", - "version": "4.0.11", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:df68301c9d83f18ff9a258bbf882ee83e959ab0d557bef9ab914824bebd89327", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.11:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.11", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0095 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:43789fe97f5566d641028c0fae496e6c7e5e76709b6cf6b2a7768453a3915cfb", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4447,8 +4448,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -4509,8 +4510,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -4604,8 +4605,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4671,8 +4672,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4753,8 +4754,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4820,8 +4821,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4898,8 +4899,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -4958,8 +4959,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -5043,8 +5044,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5093,8 +5094,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5169,8 +5170,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5219,8 +5220,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5291,8 +5292,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5341,8 +5342,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5417,8 +5418,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5467,8 +5468,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5539,8 +5540,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5587,8 +5588,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5672,8 +5673,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5720,8 +5721,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5796,8 +5797,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5844,8 +5845,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5925,8 +5926,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5973,8 +5974,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -6049,8 +6050,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6116,8 +6117,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6198,8 +6199,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6265,8 +6266,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6343,8 +6344,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6404,8 +6405,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6512,8 +6513,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6573,8 +6574,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6649,8 +6650,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6710,8 +6711,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6814,8 +6815,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6875,8 +6876,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6974,8 +6975,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7035,8 +7036,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7134,8 +7135,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -7182,8 +7183,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -7279,8 +7280,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -7321,8 +7322,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -7762,87 +7763,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.11.md b/docs/security/oss/grype-4.0.11.md index 8f0f8b8..ceb419d 100644 --- a/docs/security/oss/grype-4.0.11.md +++ b/docs/security/oss/grype-4.0.11.md @@ -6,12 +6,12 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | -| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| fluent-bit | 4.0.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| fluent-bit | 4.0.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.0.11 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | @@ -20,22 +20,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.12.json b/docs/security/oss/grype-4.0.12.json index f2443b7..e71fe7a 100644 --- a/docs/security/oss/grype-4.0.12.json +++ b/docs/security/oss/grype-4.0.12.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -850,8 +850,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -910,8 +910,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1005,8 +1005,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1059,8 +1059,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1148,8 +1148,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { @@ -1192,8 +1192,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -1247,6 +1247,153 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.034550000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1273,8 +1420,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -1320,8 +1467,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1543,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ @@ -1458,8 +1605,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ @@ -1530,8 +1677,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1590,8 +1737,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1675,8 +1822,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1735,8 +1882,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1811,8 +1958,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1871,8 +2018,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1952,8 +2099,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2012,8 +2159,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2075,6 +2222,130 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.020249999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:417b18e12362eb08bbee953a1a4ffe7152162c98178006fd3274e3a6e11d36df", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2019-1010024", @@ -2087,9 +2358,9 @@ "epss": [ { "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" } ], "cwes": [ @@ -2105,7 +2376,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.01875 }, "relatedVulnerabilities": [ { @@ -2151,9 +2422,9 @@ "epss": [ { "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" } ], "cwes": [ @@ -2234,259 +2505,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.12:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.12" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "4ceb084b73b77402", - "name": "fluent-bit", - "version": "4.0.12", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:d273ade3b28aaafa210ca38f26be2a1b7bc2ad4647c7702b90db2405b9755bb9", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.12:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0178 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010025", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-1010023", @@ -2500,8 +2518,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -2567,8 +2585,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -2643,21 +2661,23 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2665,10 +2685,111 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.12:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.12" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "4ceb084b73b77402", + "name": "fluent-bit", + "version": "4.0.12", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:d273ade3b28aaafa210ca38f26be2a1b7bc2ad4647c7702b90db2405b9755bb9", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.12:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "namespace": "debian:distro:debian:12", + "severity": "Low", + "urls": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.13998, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { @@ -2676,41 +2797,46 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.0165 + "risk": 0.014029999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.13998, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2725,27 +2851,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-12817", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:417b18e12362eb08bbee953a1a4ffe7152162c98178006fd3274e3a6e11d36df", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2754,37 +2880,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -2794,32 +2920,43 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2827,16 +2964,16 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -2859,7 +2996,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -2913,86 +3050,78 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.011100000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -3000,35 +3129,130 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:417b18e12362eb08bbee953a1a4ffe7152162c98178006fd3274e3a6e11d36df", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.12:*:*:*:*:*:*:*" + ], "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.12" + } }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", + "id": "4ceb084b73b77402", + "name": "fluent-bit", + "version": "4.0.12", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:417b18e12362eb08bbee953a1a4ffe7152162c98178006fd3274e3a6e11d36df", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:d273ade3b28aaafa210ca38f26be2a1b7bc2ad4647c7702b90db2405b9755bb9", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -3037,14 +3261,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.12", + "upstreams": [] } }, { @@ -3060,8 +3280,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ @@ -3125,8 +3345,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ @@ -3210,8 +3430,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3258,8 +3478,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3343,8 +3563,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3391,8 +3611,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3467,8 +3687,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3515,8 +3735,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3596,8 +3816,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3644,8 +3864,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3720,8 +3940,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ @@ -3777,8 +3997,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ @@ -3840,225 +4060,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.12:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.12" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "4ceb084b73b77402", - "name": "fluent-bit", - "version": "4.0.12", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:d273ade3b28aaafa210ca38f26be2a1b7bc2ad4647c7702b90db2405b9755bb9", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.12:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0095 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:417b18e12362eb08bbee953a1a4ffe7152162c98178006fd3274e3a6e11d36df", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4072,8 +4073,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -4134,8 +4135,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -4229,8 +4230,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4296,8 +4297,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4378,8 +4379,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4445,8 +4446,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4523,8 +4524,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -4583,8 +4584,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -4668,8 +4669,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -4718,8 +4719,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -4794,8 +4795,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -4844,8 +4845,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -4916,8 +4917,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -4966,8 +4967,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5042,8 +5043,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5092,8 +5093,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5164,8 +5165,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5212,8 +5213,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5297,8 +5298,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5345,8 +5346,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5421,8 +5422,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5469,8 +5470,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5550,8 +5551,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5598,8 +5599,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5674,8 +5675,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -5741,8 +5742,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -5823,8 +5824,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -5890,8 +5891,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -5968,8 +5969,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6029,8 +6030,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6137,8 +6138,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6198,8 +6199,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6274,8 +6275,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6335,8 +6336,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6439,8 +6440,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6500,8 +6501,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6599,8 +6600,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6660,8 +6661,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6759,8 +6760,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -6807,8 +6808,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -6904,8 +6905,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6946,8 +6947,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -7387,87 +7388,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.12.md b/docs/security/oss/grype-4.0.12.md index 238fc8f..5736168 100644 --- a/docs/security/oss/grype-4.0.12.md +++ b/docs/security/oss/grype-4.0.12.md @@ -18,22 +18,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.13.json b/docs/security/oss/grype-4.0.13.json index 3d464da..141372a 100644 --- a/docs/security/oss/grype-4.0.13.json +++ b/docs/security/oss/grype-4.0.13.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -850,8 +850,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -910,8 +910,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1005,8 +1005,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1059,8 +1059,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1148,8 +1148,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { @@ -1192,8 +1192,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -1247,6 +1247,153 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.034550000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2025-12818", @@ -1273,8 +1420,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -1320,8 +1467,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ @@ -1396,8 +1543,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ @@ -1458,8 +1605,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ @@ -1530,8 +1677,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1590,8 +1737,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1675,8 +1822,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1735,8 +1882,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1811,8 +1958,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1871,8 +2018,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -1952,8 +2099,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2012,8 +2159,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2075,6 +2222,130 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.020249999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, { "vulnerability": { "id": "CVE-2019-1010024", @@ -2087,9 +2358,9 @@ "epss": [ { "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" } ], "cwes": [ @@ -2105,7 +2376,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.01875 }, "relatedVulnerabilities": [ { @@ -2151,9 +2422,9 @@ "epss": [ { "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" } ], "cwes": [ @@ -2234,259 +2505,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.13" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "5c9ed42943eb96f5", - "name": "fluent-bit", - "version": "4.0.13", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:f9725a4843d8177ab79ad0290db93000cfd21f404e0950ca2df8f77bc8a8e398", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.13", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0178 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010025", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-1010023", @@ -2500,8 +2518,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -2567,8 +2585,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -2643,21 +2661,23 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2665,10 +2685,111 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.13" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "5c9ed42943eb96f5", + "name": "fluent-bit", + "version": "4.0.13", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:f9725a4843d8177ab79ad0290db93000cfd21f404e0950ca2df8f77bc8a8e398", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "namespace": "debian:distro:debian:12", + "severity": "Low", + "urls": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.13998, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { @@ -2676,41 +2797,46 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.0165 + "risk": 0.014029999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.13998, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2725,27 +2851,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-12817", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2754,37 +2880,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -2794,32 +2920,43 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -2827,16 +2964,16 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -2859,7 +2996,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -2913,86 +3050,78 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Negligible", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.011100000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -3000,35 +3129,130 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*" + ], "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.13" + } }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", + "id": "5c9ed42943eb96f5", + "name": "fluent-bit", + "version": "4.0.13", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:f9725a4843d8177ab79ad0290db93000cfd21f404e0950ca2df8f77bc8a8e398", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -3037,14 +3261,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.13", + "upstreams": [] } }, { @@ -3060,8 +3280,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ @@ -3125,8 +3345,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ @@ -3210,8 +3430,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3258,8 +3478,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3343,8 +3563,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3391,8 +3611,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3467,8 +3687,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3515,8 +3735,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3596,8 +3816,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3644,8 +3864,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -3720,8 +3940,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ @@ -3777,8 +3997,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ @@ -3840,225 +4060,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.13" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "5c9ed42943eb96f5", - "name": "fluent-bit", - "version": "4.0.13", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:f9725a4843d8177ab79ad0290db93000cfd21f404e0950ca2df8f77bc8a8e398", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.13:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.13", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0095 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:c37bf7ef1af500ef329b6439c3d13f6008d5779df3433d8994325e53bb39b551", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4072,8 +4073,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -4134,8 +4135,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -4229,8 +4230,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4296,8 +4297,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4378,8 +4379,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4445,8 +4446,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -4523,8 +4524,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -4583,8 +4584,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -4668,8 +4669,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -4718,8 +4719,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -4794,8 +4795,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -4844,8 +4845,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -4916,8 +4917,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -4966,8 +4967,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5042,8 +5043,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5092,8 +5093,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5164,8 +5165,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5212,8 +5213,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5297,8 +5298,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5345,8 +5346,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5421,8 +5422,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5469,8 +5470,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5550,8 +5551,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5598,8 +5599,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -5674,8 +5675,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -5741,8 +5742,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -5823,8 +5824,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -5890,8 +5891,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -5968,8 +5969,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6029,8 +6030,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6137,8 +6138,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6198,8 +6199,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6274,8 +6275,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6335,8 +6336,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6439,8 +6440,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6500,8 +6501,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6599,8 +6600,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6660,8 +6661,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6759,8 +6760,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -6807,8 +6808,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -6904,8 +6905,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -6946,8 +6947,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -7387,87 +7388,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.13.md b/docs/security/oss/grype-4.0.13.md index b8aec7a..83ca2f5 100644 --- a/docs/security/oss/grype-4.0.13.md +++ b/docs/security/oss/grype-4.0.13.md @@ -18,22 +18,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.3.json b/docs/security/oss/grype-4.0.3.json index affa27d..94c312e 100644 --- a/docs/security/oss/grype-4.0.3.json +++ b/docs/security/oss/grype-4.0.3.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -557,8 +557,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -641,8 +641,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -733,8 +733,8 @@ { "cve": "CVE-2025-32988", "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ @@ -817,8 +817,8 @@ { "cve": "CVE-2025-32988", "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ @@ -896,8 +896,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -959,8 +959,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -1054,8 +1054,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -1117,8 +1117,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -1215,8 +1215,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -1271,8 +1271,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -1363,8 +1363,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -1435,8 +1435,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -1514,8 +1514,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1574,8 +1574,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1669,8 +1669,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1723,8 +1723,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1812,8 +1812,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -1882,8 +1882,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -1950,76 +1950,110 @@ }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.03605 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -2034,27 +2068,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -2063,30 +2100,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -2097,43 +2143,66 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.031065 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -2144,17 +2213,17 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -2170,27 +2239,30 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -2199,186 +2271,52 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02885 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2395,7 +2333,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -2438,9 +2376,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -2478,15 +2416,15 @@ } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -2495,18 +2433,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2539,9 +2473,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -2566,7 +2500,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -2609,9 +2543,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -2649,15 +2583,15 @@ } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -2666,9 +2600,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2678,110 +2612,76 @@ }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026705 + "risk": 0.03605 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -2796,30 +2696,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2025-10148", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u3", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2828,127 +2725,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.026705 + "risk": 0.034550000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2963,138 +2824,145 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-8714", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "15.14-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026080000000000006 + "risk": 0.031065 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8714/" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -3117,11 +2985,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8714", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" } } ], @@ -3155,25 +3020,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3183,25 +3048,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.02885 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -3213,7 +3080,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3224,16 +3091,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3242,7 +3109,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3250,27 +3117,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -3279,108 +3146,104 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.02315 + "risk": 0.026080000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://www.postgresql.org/support/security/CVE-2025-8714/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3395,27 +3258,30 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8714", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -3424,12 +3290,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "krb5" + "name": "postgresql-15" } ] } @@ -3447,8 +3313,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3507,8 +3373,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3543,15 +3409,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -3560,14 +3426,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -3588,8 +3458,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3648,8 +3518,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3684,15 +3554,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -3701,9 +3571,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -3713,122 +3583,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.019499999999999997 + "advisories": [], + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3843,90 +3678,71 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.16-1~deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "43f3f021651a28d7", - "name": "libssl3", - "version": "3.0.16-1~deb12u1", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.16-1\\~deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.16-1~deb12u1?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openssl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3936,33 +3752,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3970,7 +3782,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3981,16 +3793,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -4007,83 +3819,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4091,161 +3882,53 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "4a91e02ef47904f6", - "name": "fluent-bit", - "version": "4.0.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:898af578770d19ceb6c408bc72724ec61e690dfa18e56dea99bcd77e549296fe", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0178 + "risk": 0.020249999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4260,155 +3943,162 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-8713", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "High", "urls": [], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.14-0+deb12u1" + "3.0.17-1~deb12u3" ], "state": "fixed", "available": [ { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.017385 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.019499999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8713", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8713/" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4424,63 +4114,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "openssl", + "version": "3.0.16-1~deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8713", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" }, "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "43f3f021651a28d7", + "name": "libssl3", + "version": "3.0.16-1~deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.16-1\\~deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.16-1~deb12u1?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4488,32 +4207,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.01875 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -4521,33 +4241,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4568,7 +4284,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -4622,74 +4338,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0165 + "risk": 0.017385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-8713/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -4704,27 +4442,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8713", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4733,39 +4474,31 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -4773,51 +4506,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.0173 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -4838,7 +4586,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -4916,8 +4664,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4983,8 +4731,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5070,6 +4818,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "4a91e02ef47904f6", + "name": "fluent-bit", + "version": "4.0.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:898af578770d19ceb6c408bc72724ec61e690dfa18e56dea99bcd77e549296fe", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.3", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2025-12817", @@ -5096,8 +4939,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -5143,8 +4986,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -5208,25 +5051,25 @@ }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -5236,34 +5079,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0108 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -5271,27 +5112,27 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -5300,35 +5141,277 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010025", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.3:*:*:*:*:*:*:*" + ], "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.3" + } }, "found": { - "vulnerabilityID": "CVE-2020-15719", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", - "type": "deb", + "id": "4a91e02ef47904f6", + "name": "fluent-bit", + "version": "4.0.3", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:898af578770d19ceb6c408bc72724ec61e690dfa18e56dea99bcd77e549296fe", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -5337,96 +5420,102 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", - "upstreams": [ - { - "name": "openldap" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0103 + "risk": 0.0109 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5441,75 +5530,88 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -5519,45 +5621,62 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -5574,27 +5693,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2020-15719", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -5603,12 +5722,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } @@ -5626,8 +5754,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5674,8 +5802,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5710,15 +5838,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5727,14 +5855,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5755,8 +5887,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5803,8 +5935,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5839,15 +5971,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5856,9 +5988,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5868,25 +6000,25 @@ }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5896,54 +6028,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5960,126 +6083,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4a91e02ef47904f6", - "name": "fluent-bit", - "version": "4.0.3", - "type": "binary", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:898af578770d19ceb6c408bc72724ec61e690dfa18e56dea99bcd77e549296fe", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -6088,35 +6112,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.3", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6124,58 +6157,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0095 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6183,27 +6212,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -6212,102 +6241,96 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", - "cvss": [ - { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" - ], - "state": "fixed", - "available": [ - { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6322,63 +6345,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:52e55bb5fc324478ddc62ebaec39a618e9b33d61041b37b718f41563baaaee59", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } @@ -6409,8 +6410,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6470,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -6567,8 +6568,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -6629,8 +6630,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -6724,8 +6725,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6791,8 +6792,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6873,8 +6874,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6940,8 +6941,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -7018,8 +7019,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -7078,8 +7079,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -7163,8 +7164,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -7213,8 +7214,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -7289,8 +7290,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -7339,8 +7340,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -7411,8 +7412,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -7461,8 +7462,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -7537,8 +7538,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -7587,8 +7588,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -7659,8 +7660,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7707,8 +7708,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7792,8 +7793,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7840,8 +7841,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7916,8 +7917,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7964,8 +7965,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -8045,8 +8046,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -8093,8 +8094,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -8169,8 +8170,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -8236,8 +8237,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -8318,8 +8319,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -8385,8 +8386,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -8463,8 +8464,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8524,8 +8525,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8632,8 +8633,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8693,8 +8694,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8769,8 +8770,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8830,8 +8831,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8934,8 +8935,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8995,8 +8996,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -9094,8 +9095,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -9155,8 +9156,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -9254,8 +9255,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -9302,8 +9303,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -9399,8 +9400,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -9441,8 +9442,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -9877,87 +9878,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.3.md b/docs/security/oss/grype-4.0.3.md index 294f1b1..3233439 100644 --- a/docs/security/oss/grype-4.0.3.md +++ b/docs/security/oss/grype-4.0.3.md @@ -10,19 +10,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | -| libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | -| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | -| fluent-bit | 4.0.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| fluent-bit | 4.0.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.0.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | @@ -33,22 +33,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.22-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.22-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.4.json b/docs/security/oss/grype-4.0.4.json index 4d98fe9..31b1eee 100644 --- a/docs/security/oss/grype-4.0.4.json +++ b/docs/security/oss/grype-4.0.4.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -557,8 +557,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -641,8 +641,8 @@ { "cve": "CVE-2025-32990", "epss": 0.00155, - "percentile": 0.3685, - "date": "2025-12-22" + "percentile": 0.3677, + "date": "2026-01-05" } ], "cwes": [ @@ -733,8 +733,8 @@ { "cve": "CVE-2025-32988", "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ @@ -817,8 +817,8 @@ { "cve": "CVE-2025-32988", "epss": 0.00117, - "percentile": 0.31252, - "date": "2025-12-22" + "percentile": 0.3118, + "date": "2026-01-05" } ], "cwes": [ @@ -896,8 +896,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -959,8 +959,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -1054,8 +1054,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -1117,8 +1117,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -1215,8 +1215,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -1271,8 +1271,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -1363,8 +1363,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -1435,8 +1435,8 @@ { "cve": "CVE-2025-6395", "epss": 0.00084, - "percentile": 0.24956, - "date": "2025-12-22" + "percentile": 0.24857, + "date": "2026-01-05" } ], "cwes": [ @@ -1514,8 +1514,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1574,8 +1574,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1669,8 +1669,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1723,8 +1723,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1812,8 +1812,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -1882,8 +1882,8 @@ { "cve": "CVE-2025-32989", "epss": 0.00086, - "percentile": 0.25305, - "date": "2025-12-22" + "percentile": 0.25204, + "date": "2026-01-05" } ], "cwes": [ @@ -1950,76 +1950,110 @@ }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.03605 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -2034,27 +2068,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -2063,30 +2100,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -2097,43 +2143,66 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.031065 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -2144,17 +2213,17 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -2170,27 +2239,30 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -2199,186 +2271,52 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02885 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -2395,7 +2333,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -2438,9 +2376,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -2478,15 +2416,15 @@ } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -2495,18 +2433,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2539,9 +2473,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -2566,7 +2500,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -2609,9 +2543,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -2649,15 +2583,15 @@ } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -2666,9 +2600,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2678,110 +2612,76 @@ }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026705 + "risk": 0.03605 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -2796,30 +2696,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2025-10148", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u3", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2828,127 +2725,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.026705 + "risk": 0.034550000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2963,138 +2824,145 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-8714", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "15.14-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026080000000000006 + "risk": 0.031065 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8714/" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -3117,11 +2985,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8714", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" } } ], @@ -3155,25 +3020,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3183,25 +3048,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.02885 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -3213,7 +3080,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3224,16 +3091,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3242,7 +3109,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3250,27 +3117,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -3279,108 +3146,104 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.02315 + "risk": 0.026080000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://www.postgresql.org/support/security/CVE-2025-8714/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3395,27 +3258,30 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8714", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -3424,12 +3290,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "krb5" + "name": "postgresql-15" } ] } @@ -3447,8 +3313,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3507,8 +3373,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3543,15 +3409,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -3560,14 +3426,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -3588,8 +3458,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3648,8 +3518,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3684,15 +3554,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -3701,9 +3571,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -3713,122 +3583,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.019499999999999997 + "advisories": [], + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3843,90 +3678,71 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.16-1~deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "43f3f021651a28d7", - "name": "libssl3", - "version": "3.0.16-1~deb12u1", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.16-1\\~deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.16-1~deb12u1?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openssl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3936,33 +3752,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3970,7 +3782,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3981,16 +3793,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -4007,83 +3819,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4091,161 +3882,53 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "b2a47700449dfa91", - "name": "fluent-bit", - "version": "4.0.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:5bf46ecf63e66e9acb5c21a721d986d2d672d90d4e7f3c6020d296f85803ef81", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.4", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0178 + "risk": 0.020249999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -4260,155 +3943,162 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-8713", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "High", "urls": [], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.14-0+deb12u1" + "3.0.17-1~deb12u3" ], "state": "fixed", "available": [ { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.017385 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.019499999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8713", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8713/" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4424,63 +4114,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "openssl", + "version": "3.0.16-1~deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8713", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" }, "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "43f3f021651a28d7", + "name": "libssl3", + "version": "3.0.16-1~deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.16-1\\~deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.16-1~deb12u1?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4488,32 +4207,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.01875 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -4521,33 +4241,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4568,7 +4284,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -4622,74 +4338,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0165 + "risk": 0.017385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-8713/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -4704,27 +4442,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8713", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4733,39 +4474,31 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -4773,51 +4506,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.0173 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -4838,7 +4586,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -4916,8 +4664,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4983,8 +4731,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -5070,6 +4818,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b2a47700449dfa91", + "name": "fluent-bit", + "version": "4.0.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:5bf46ecf63e66e9acb5c21a721d986d2d672d90d4e7f3c6020d296f85803ef81", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.4", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2025-12817", @@ -5096,8 +4939,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -5143,8 +4986,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -5208,25 +5051,25 @@ }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -5236,34 +5079,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0108 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -5271,27 +5112,27 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -5300,35 +5141,277 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010025", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.4:*:*:*:*:*:*:*" + ], "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.4" + } }, "found": { - "vulnerabilityID": "CVE-2020-15719", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", - "type": "deb", + "id": "b2a47700449dfa91", + "name": "fluent-bit", + "version": "4.0.4", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:5bf46ecf63e66e9acb5c21a721d986d2d672d90d4e7f3c6020d296f85803ef81", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -5337,96 +5420,102 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", - "upstreams": [ - { - "name": "openldap" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.4", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0103 + "risk": 0.0109 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5441,75 +5530,88 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -5519,45 +5621,62 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -5574,27 +5693,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2020-15719", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -5603,12 +5722,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } @@ -5626,8 +5754,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5674,8 +5802,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5710,15 +5838,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5727,14 +5855,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5755,8 +5887,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5803,8 +5935,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5839,15 +5971,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5856,9 +5988,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5868,25 +6000,25 @@ }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5896,54 +6028,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5960,126 +6083,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b2a47700449dfa91", - "name": "fluent-bit", - "version": "4.0.4", - "type": "binary", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:5bf46ecf63e66e9acb5c21a721d986d2d672d90d4e7f3c6020d296f85803ef81", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -6088,35 +6112,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.4", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6124,58 +6157,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0095 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6183,27 +6212,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -6212,102 +6241,96 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", - "cvss": [ - { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" - ], - "state": "fixed", - "available": [ - { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6322,63 +6345,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:1c3c5b9e02f8172ebd6cb9474721807064773a5f70d3d21a8b3ddf6dc45985d2", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } @@ -6409,8 +6410,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -6469,8 +6470,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -6567,8 +6568,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -6629,8 +6630,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -6724,8 +6725,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6791,8 +6792,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6873,8 +6874,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6940,8 +6941,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -7018,8 +7019,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -7078,8 +7079,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -7163,8 +7164,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -7213,8 +7214,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -7289,8 +7290,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -7339,8 +7340,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -7411,8 +7412,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -7461,8 +7462,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -7537,8 +7538,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -7587,8 +7588,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -7659,8 +7660,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7707,8 +7708,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7792,8 +7793,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7840,8 +7841,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7916,8 +7917,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7964,8 +7965,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -8045,8 +8046,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -8093,8 +8094,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -8169,8 +8170,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -8236,8 +8237,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -8318,8 +8319,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -8385,8 +8386,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -8463,8 +8464,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8524,8 +8525,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8632,8 +8633,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8693,8 +8694,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8769,8 +8770,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8830,8 +8831,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8934,8 +8935,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8995,8 +8996,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -9094,8 +9095,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -9155,8 +9156,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -9254,8 +9255,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -9302,8 +9303,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -9399,8 +9400,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -9441,8 +9442,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -9877,87 +9878,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.4.md b/docs/security/oss/grype-4.0.4.md index 59e51e9..5a35a27 100644 --- a/docs/security/oss/grype-4.0.4.md +++ b/docs/security/oss/grype-4.0.4.md @@ -10,19 +10,19 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-32988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | -| libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-6395](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395) | Medium | | libgnutls30 | 3.7.9-2+deb12u4 | [CVE-2025-32989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989) | Medium | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | -| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | -| fluent-bit | 4.0.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| fluent-bit | 4.0.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.0.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | @@ -33,22 +33,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.5.json b/docs/security/oss/grype-4.0.5.json index ba1cb9a..624cb41 100644 --- a/docs/security/oss/grype-4.0.5.json +++ b/docs/security/oss/grype-4.0.5.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -863,8 +863,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -919,8 +919,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -998,8 +998,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1153,8 +1153,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1207,8 +1207,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1272,76 +1272,110 @@ }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.03605 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -1356,27 +1390,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -1385,30 +1422,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1419,43 +1465,66 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.031065 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1466,17 +1535,17 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -1492,27 +1561,30 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1521,186 +1593,52 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02885 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -1717,7 +1655,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -1760,9 +1698,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1800,15 +1738,15 @@ } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -1817,18 +1755,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1861,9 +1795,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1888,7 +1822,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -1931,9 +1865,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1971,15 +1905,15 @@ } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -1988,9 +1922,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2000,110 +1934,76 @@ }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026705 + "risk": 0.03605 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -2118,30 +2018,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2025-10148", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u3", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2150,127 +2047,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.026705 + "risk": 0.034550000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2285,138 +2146,145 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-8714", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "15.14-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026080000000000006 + "risk": 0.031065 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8714/" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -2439,11 +2307,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8714", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" } } ], @@ -2477,25 +2342,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -2505,25 +2370,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.02885 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2535,7 +2402,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2546,16 +2413,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -2564,7 +2431,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2572,27 +2439,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -2601,108 +2468,104 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.02315 + "risk": 0.026080000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://www.postgresql.org/support/security/CVE-2025-8714/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2717,27 +2580,30 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8714", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2746,12 +2612,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "krb5" + "name": "postgresql-15" } ] } @@ -2769,8 +2635,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2829,8 +2695,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2865,15 +2731,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -2882,14 +2748,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2910,8 +2780,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2970,8 +2840,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3006,15 +2876,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -3023,9 +2893,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -3035,122 +2905,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.019499999999999997 + "advisories": [], + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3165,90 +3000,71 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.16-1~deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "43f3f021651a28d7", - "name": "libssl3", - "version": "3.0.16-1~deb12u1", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.16-1\\~deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.16-1~deb12u1?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openssl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3258,33 +3074,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3292,7 +3104,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3303,16 +3115,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3329,83 +3141,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3413,161 +3204,53 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.5:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.5" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "0b4dc2620c0fb58e", - "name": "fluent-bit", - "version": "4.0.5", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1ae57ae677bae63479d9a00d7d3a0400e1a361f66b1afb20f917df29c042a77f", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.5:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.5", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0178 + "risk": 0.020249999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -3582,155 +3265,162 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-8713", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "High", "urls": [], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.14-0+deb12u1" + "3.0.17-1~deb12u3" ], "state": "fixed", "available": [ { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.017385 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.019499999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8713", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8713/" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3746,63 +3436,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "openssl", + "version": "3.0.16-1~deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8713", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" }, "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "43f3f021651a28d7", + "name": "libssl3", + "version": "3.0.16-1~deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:0711ad304a055c3c5d8fa5a9dab4a1bc1463599b8618d4b8c045edce85c79ce5", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.16-1\\~deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.16-1~deb12u1?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3810,32 +3529,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.01875 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -3843,33 +3563,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3890,7 +3606,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -3944,74 +3660,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0165 + "risk": 0.017385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-8713/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -4026,27 +3764,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8713", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4055,39 +3796,31 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -4095,51 +3828,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.0173 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -4160,7 +3908,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -4238,8 +3986,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4305,8 +4053,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4392,6 +4140,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.5:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.5" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "0b4dc2620c0fb58e", + "name": "fluent-bit", + "version": "4.0.5", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1ae57ae677bae63479d9a00d7d3a0400e1a361f66b1afb20f917df29c042a77f", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.5:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.5", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2025-12817", @@ -4418,8 +4261,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -4465,8 +4308,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -4530,25 +4373,25 @@ }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -4558,34 +4401,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0108 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -4593,27 +4434,27 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -4622,35 +4463,277 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010025", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.5:*:*:*:*:*:*:*" + ], "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.5" + } }, "found": { - "vulnerabilityID": "CVE-2020-15719", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", - "type": "deb", + "id": "0b4dc2620c0fb58e", + "name": "fluent-bit", + "version": "4.0.5", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1ae57ae677bae63479d9a00d7d3a0400e1a361f66b1afb20f917df29c042a77f", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -4659,96 +4742,102 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", - "upstreams": [ - { - "name": "openldap" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.5", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0103 + "risk": 0.0109 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4763,75 +4852,88 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -4841,45 +4943,62 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -4896,27 +5015,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2020-15719", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -4925,12 +5044,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } @@ -4948,8 +5076,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4996,8 +5124,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5032,15 +5160,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5049,14 +5177,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5077,8 +5209,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5125,8 +5257,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5161,15 +5293,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5178,9 +5310,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5190,25 +5322,25 @@ }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5218,54 +5350,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5282,126 +5405,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.5:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.5" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0b4dc2620c0fb58e", - "name": "fluent-bit", - "version": "4.0.5", - "type": "binary", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1ae57ae677bae63479d9a00d7d3a0400e1a361f66b1afb20f917df29c042a77f", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5410,35 +5434,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.5:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.5", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5446,58 +5479,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0095 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5505,27 +5534,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -5534,102 +5563,96 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", - "cvss": [ - { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" - ], - "state": "fixed", - "available": [ - { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5644,63 +5667,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:2c48143b46c0c37e19b24b81b44f4c3620784ae714155891d332b1b1a59c8ca8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } @@ -5731,8 +5732,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -5791,8 +5792,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -5889,8 +5890,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -5951,8 +5952,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -6046,8 +6047,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6113,8 +6114,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6195,8 +6196,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6262,8 +6263,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6340,8 +6341,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -6400,8 +6401,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -6485,8 +6486,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6535,8 +6536,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6611,8 +6612,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6661,8 +6662,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6733,8 +6734,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6783,8 +6784,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6859,8 +6860,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6909,8 +6910,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6981,8 +6982,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7029,8 +7030,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7114,8 +7115,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7162,8 +7163,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7238,8 +7239,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7286,8 +7287,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7367,8 +7368,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7415,8 +7416,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7491,8 +7492,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7558,8 +7559,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7640,8 +7641,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7707,8 +7708,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7785,8 +7786,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7846,8 +7847,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7954,8 +7955,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8015,8 +8016,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8091,8 +8092,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8152,8 +8153,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8256,8 +8257,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8317,8 +8318,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8416,8 +8417,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8477,8 +8478,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8576,8 +8577,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -8624,8 +8625,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -8721,8 +8722,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8763,8 +8764,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -9199,87 +9200,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.5.md b/docs/security/oss/grype-4.0.5.md index 53ba6c5..c567184 100644 --- a/docs/security/oss/grype-4.0.5.md +++ b/docs/security/oss/grype-4.0.5.md @@ -8,17 +8,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | -| libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | -| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | -| fluent-bit | 4.0.5 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.16-1~deb12u1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| fluent-bit | 4.0.5 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.0.5 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | @@ -29,22 +29,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.6.json b/docs/security/oss/grype-4.0.6.json index fed3deb..74987e5 100644 --- a/docs/security/oss/grype-4.0.6.json +++ b/docs/security/oss/grype-4.0.6.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -863,8 +863,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -919,8 +919,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -998,8 +998,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1153,8 +1153,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1207,8 +1207,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1272,76 +1272,110 @@ }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.03605 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -1356,27 +1390,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -1385,30 +1422,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1419,43 +1465,66 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.031065 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1466,17 +1535,17 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -1492,27 +1561,30 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1521,186 +1593,52 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02885 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -1717,7 +1655,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -1760,9 +1698,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1800,15 +1738,15 @@ } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -1817,18 +1755,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1861,9 +1795,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1888,7 +1822,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -1931,9 +1865,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1971,15 +1905,15 @@ } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -1988,9 +1922,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2000,110 +1934,76 @@ }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026705 + "risk": 0.03605 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -2118,30 +2018,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2025-10148", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u3", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2150,127 +2047,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.026705 + "risk": 0.034550000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2285,138 +2146,145 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-8714", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "15.14-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026080000000000006 + "risk": 0.031065 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8714/" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -2439,11 +2307,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8714", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" } } ], @@ -2477,25 +2342,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -2505,25 +2370,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.02885 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2535,7 +2402,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2546,16 +2413,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -2564,7 +2431,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2572,27 +2439,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -2601,108 +2468,104 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.02315 + "risk": 0.026080000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://www.postgresql.org/support/security/CVE-2025-8714/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2717,27 +2580,30 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8714", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2746,12 +2612,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "krb5" + "name": "postgresql-15" } ] } @@ -2769,8 +2635,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2829,8 +2695,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2865,15 +2731,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -2882,14 +2748,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2910,8 +2780,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2970,8 +2840,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3006,15 +2876,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -3023,9 +2893,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -3035,122 +2905,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.019499999999999997 + "advisories": [], + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3165,90 +3000,71 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9865de4d59903aa0", - "name": "libssl3", - "version": "3.0.17-1~deb12u1", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:cc0c314018b19c7e7ad99f1ecb56281061eea966cd85b745f04a0b3951390b6f", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:cc0c314018b19c7e7ad99f1ecb56281061eea966cd85b745f04a0b3951390b6f", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u1?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openssl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3258,33 +3074,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3292,7 +3104,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3303,16 +3115,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3329,83 +3141,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3413,161 +3204,53 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.6:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.6" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "3707ded65fc1f95c", - "name": "fluent-bit", - "version": "4.0.6", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a3268f0af6d8d4480ab48ddd5abe5b1c845bf5e06151729f6c902fb00a92a461", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.6:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.6", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0178 + "risk": 0.020249999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -3582,155 +3265,162 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-8713", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "High", "urls": [], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.14-0+deb12u1" + "3.0.17-1~deb12u3" ], "state": "fixed", "available": [ { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.017385 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.019499999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8713", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8713/" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3746,63 +3436,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8713", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" }, "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "9865de4d59903aa0", + "name": "libssl3", + "version": "3.0.17-1~deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:cc0c314018b19c7e7ad99f1ecb56281061eea966cd85b745f04a0b3951390b6f", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:cc0c314018b19c7e7ad99f1ecb56281061eea966cd85b745f04a0b3951390b6f", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u1?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3810,32 +3529,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.01875 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -3843,33 +3563,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3890,7 +3606,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -3944,74 +3660,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0165 + "risk": 0.017385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-8713/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -4026,27 +3764,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8713", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4055,39 +3796,31 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -4095,51 +3828,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.0173 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -4160,7 +3908,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -4238,8 +3986,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4305,8 +4053,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4392,6 +4140,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "3707ded65fc1f95c", + "name": "fluent-bit", + "version": "4.0.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a3268f0af6d8d4480ab48ddd5abe5b1c845bf5e06151729f6c902fb00a92a461", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.6", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2025-12817", @@ -4418,8 +4261,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -4465,8 +4308,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -4530,25 +4373,25 @@ }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -4558,34 +4401,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0108 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -4593,27 +4434,27 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -4622,35 +4463,277 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010025", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.6:*:*:*:*:*:*:*" + ], "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.6" + } }, "found": { - "vulnerabilityID": "CVE-2020-15719", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", - "type": "deb", + "id": "3707ded65fc1f95c", + "name": "fluent-bit", + "version": "4.0.6", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a3268f0af6d8d4480ab48ddd5abe5b1c845bf5e06151729f6c902fb00a92a461", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -4659,96 +4742,102 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.6:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", - "upstreams": [ - { - "name": "openldap" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.6", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0103 + "risk": 0.0109 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4763,75 +4852,88 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -4841,45 +4943,62 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -4896,27 +5015,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2020-15719", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -4925,12 +5044,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } @@ -4948,8 +5076,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4996,8 +5124,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5032,15 +5160,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5049,14 +5177,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5077,8 +5209,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5125,8 +5257,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5161,15 +5293,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5178,9 +5310,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5190,25 +5322,25 @@ }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5218,54 +5350,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5282,126 +5405,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.6:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.6" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3707ded65fc1f95c", - "name": "fluent-bit", - "version": "4.0.6", - "type": "binary", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a3268f0af6d8d4480ab48ddd5abe5b1c845bf5e06151729f6c902fb00a92a461", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5410,35 +5434,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.6:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.6", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5446,58 +5479,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0095 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5505,27 +5534,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -5534,102 +5563,96 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", - "cvss": [ - { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" - ], - "state": "fixed", - "available": [ - { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5644,63 +5667,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:c50e2491877490906be6ab542e8699363b77483314e53074ead89a6c34f9dc7d", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } @@ -5731,8 +5732,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -5791,8 +5792,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -5889,8 +5890,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -5951,8 +5952,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -6046,8 +6047,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6113,8 +6114,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6195,8 +6196,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6262,8 +6263,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6340,8 +6341,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -6400,8 +6401,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -6485,8 +6486,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6535,8 +6536,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6611,8 +6612,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6661,8 +6662,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6733,8 +6734,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6783,8 +6784,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6859,8 +6860,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6909,8 +6910,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6981,8 +6982,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7029,8 +7030,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7114,8 +7115,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7162,8 +7163,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7238,8 +7239,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7286,8 +7287,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7367,8 +7368,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7415,8 +7416,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7491,8 +7492,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7558,8 +7559,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7640,8 +7641,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7707,8 +7708,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7785,8 +7786,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7846,8 +7847,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7954,8 +7955,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8015,8 +8016,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8091,8 +8092,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8152,8 +8153,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8256,8 +8257,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8317,8 +8318,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8416,8 +8417,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8477,8 +8478,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8576,8 +8577,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -8624,8 +8625,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -8721,8 +8722,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8763,8 +8764,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -9199,87 +9200,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.6.md b/docs/security/oss/grype-4.0.6.md index 5c5b98b..1e117be 100644 --- a/docs/security/oss/grype-4.0.6.md +++ b/docs/security/oss/grype-4.0.6.md @@ -8,17 +8,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | -| libssl3 | 3.0.17-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libssl3 | 3.0.17-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | -| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | -| fluent-bit | 4.0.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.17-1~deb12u1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| fluent-bit | 4.0.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.0.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | @@ -29,22 +29,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.7.json b/docs/security/oss/grype-4.0.7.json index 65a2057..f3b8b8e 100644 --- a/docs/security/oss/grype-4.0.7.json +++ b/docs/security/oss/grype-4.0.7.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -863,8 +863,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -919,8 +919,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -998,8 +998,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1153,8 +1153,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1207,8 +1207,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1272,76 +1272,110 @@ }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.03605 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -1356,27 +1390,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -1385,30 +1422,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1419,43 +1465,66 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.031065 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1466,17 +1535,17 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -1492,27 +1561,30 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1521,186 +1593,52 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02885 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -1717,7 +1655,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -1760,9 +1698,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1800,15 +1738,15 @@ } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -1817,18 +1755,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1861,9 +1795,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1888,7 +1822,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -1931,9 +1865,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1971,15 +1905,15 @@ } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -1988,9 +1922,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2000,110 +1934,76 @@ }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026705 + "risk": 0.03605 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -2118,30 +2018,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2025-10148", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u3", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2150,127 +2047,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.026705 + "risk": 0.034550000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2285,138 +2146,145 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-8714", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "15.14-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026080000000000006 + "risk": 0.031065 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8714/" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -2439,11 +2307,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8714", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" } } ], @@ -2477,25 +2342,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -2505,25 +2370,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.02885 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2535,7 +2402,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2546,16 +2413,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -2564,7 +2431,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2572,27 +2439,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -2601,108 +2468,104 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.02315 + "risk": 0.026080000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://www.postgresql.org/support/security/CVE-2025-8714/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2717,27 +2580,30 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8714", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2746,12 +2612,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "krb5" + "name": "postgresql-15" } ] } @@ -2769,8 +2635,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2829,8 +2695,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2865,15 +2731,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -2882,14 +2748,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2910,8 +2780,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2970,8 +2840,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3006,15 +2876,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -3023,9 +2893,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -3035,122 +2905,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.019499999999999997 + "advisories": [], + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3165,90 +3000,71 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9865de4d59903aa0", - "name": "libssl3", - "version": "3.0.17-1~deb12u1", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:cc0c314018b19c7e7ad99f1ecb56281061eea966cd85b745f04a0b3951390b6f", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:cc0c314018b19c7e7ad99f1ecb56281061eea966cd85b745f04a0b3951390b6f", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u1?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openssl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3258,33 +3074,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3292,7 +3104,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3303,16 +3115,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3329,83 +3141,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3413,161 +3204,53 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.7:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.7" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "5a345cde88029be1", - "name": "fluent-bit", - "version": "4.0.7", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0e82ed369a721e840489041960007d230a287f85f19760992218dbdd10cc076a", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.7:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.7", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0178 + "risk": 0.020249999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -3582,155 +3265,162 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-8713", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "High", "urls": [], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.14-0+deb12u1" + "3.0.17-1~deb12u3" ], "state": "fixed", "available": [ { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.017385 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.019499999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8713", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8713/" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3746,63 +3436,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8713", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" }, "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "9865de4d59903aa0", + "name": "libssl3", + "version": "3.0.17-1~deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:cc0c314018b19c7e7ad99f1ecb56281061eea966cd85b745f04a0b3951390b6f", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:cc0c314018b19c7e7ad99f1ecb56281061eea966cd85b745f04a0b3951390b6f", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u1?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3810,32 +3529,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.01875 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -3843,33 +3563,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3890,7 +3606,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -3944,74 +3660,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0165 + "risk": 0.017385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-8713/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -4026,27 +3764,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8713", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4055,39 +3796,31 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -4095,51 +3828,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.0173 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -4160,7 +3908,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -4238,8 +3986,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4305,8 +4053,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4392,6 +4140,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.7:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.7" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "5a345cde88029be1", + "name": "fluent-bit", + "version": "4.0.7", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0e82ed369a721e840489041960007d230a287f85f19760992218dbdd10cc076a", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.7:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.7", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2025-12817", @@ -4418,8 +4261,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -4465,8 +4308,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -4530,25 +4373,25 @@ }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -4558,34 +4401,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0108 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -4593,27 +4434,27 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -4622,35 +4463,277 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010025", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.7:*:*:*:*:*:*:*" + ], "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.7" + } }, "found": { - "vulnerabilityID": "CVE-2020-15719", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", - "type": "deb", + "id": "5a345cde88029be1", + "name": "fluent-bit", + "version": "4.0.7", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0e82ed369a721e840489041960007d230a287f85f19760992218dbdd10cc076a", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -4659,96 +4742,102 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.7:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", - "upstreams": [ - { - "name": "openldap" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.7", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0103 + "risk": 0.0109 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4763,75 +4852,88 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -4841,45 +4943,62 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -4896,27 +5015,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2020-15719", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -4925,12 +5044,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } @@ -4948,8 +5076,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4996,8 +5124,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5032,15 +5160,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5049,14 +5177,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5077,8 +5209,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5125,8 +5257,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5161,15 +5293,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5178,9 +5310,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5190,25 +5322,25 @@ }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5218,54 +5350,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5282,126 +5405,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.7:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.7" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5a345cde88029be1", - "name": "fluent-bit", - "version": "4.0.7", - "type": "binary", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0e82ed369a721e840489041960007d230a287f85f19760992218dbdd10cc076a", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5410,35 +5434,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.7:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.7", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5446,58 +5479,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0095 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5505,27 +5534,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -5534,102 +5563,96 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", - "cvss": [ - { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" - ], - "state": "fixed", - "available": [ - { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5644,63 +5667,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:e6f08f1f30bd6689a69c11717623bb6741c1e1ed323e4868b90b6a1d49eda610", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } @@ -5731,8 +5732,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -5791,8 +5792,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -5889,8 +5890,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -5951,8 +5952,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -6046,8 +6047,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6113,8 +6114,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6195,8 +6196,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6262,8 +6263,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6340,8 +6341,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -6400,8 +6401,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -6485,8 +6486,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6535,8 +6536,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6611,8 +6612,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6661,8 +6662,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6733,8 +6734,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6783,8 +6784,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6859,8 +6860,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6909,8 +6910,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6981,8 +6982,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7029,8 +7030,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7114,8 +7115,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7162,8 +7163,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7238,8 +7239,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7286,8 +7287,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7367,8 +7368,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7415,8 +7416,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7491,8 +7492,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7558,8 +7559,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7640,8 +7641,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7707,8 +7708,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7785,8 +7786,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7846,8 +7847,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7954,8 +7955,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8015,8 +8016,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8091,8 +8092,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8152,8 +8153,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8256,8 +8257,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8317,8 +8318,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8416,8 +8417,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8477,8 +8478,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8576,8 +8577,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -8624,8 +8625,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -8721,8 +8722,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8763,8 +8764,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -9204,87 +9205,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.7.md b/docs/security/oss/grype-4.0.7.md index aa5cf1b..9708285 100644 --- a/docs/security/oss/grype-4.0.7.md +++ b/docs/security/oss/grype-4.0.7.md @@ -8,17 +8,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | -| libssl3 | 3.0.17-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libssl3 | 3.0.17-1~deb12u1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | -| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | -| fluent-bit | 4.0.7 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.17-1~deb12u1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| fluent-bit | 4.0.7 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.0.7 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | @@ -29,22 +29,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.8.json b/docs/security/oss/grype-4.0.8.json index d1d6122..93219a6 100644 --- a/docs/security/oss/grype-4.0.8.json +++ b/docs/security/oss/grype-4.0.8.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -863,8 +863,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -919,8 +919,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -998,8 +998,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1153,8 +1153,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1207,8 +1207,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1272,76 +1272,110 @@ }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.03605 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -1356,27 +1390,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -1385,30 +1422,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1419,43 +1465,66 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.031065 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1466,17 +1535,17 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -1492,27 +1561,30 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1521,186 +1593,52 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02885 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -1717,7 +1655,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -1760,9 +1698,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1800,15 +1738,15 @@ } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -1817,18 +1755,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1861,9 +1795,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1888,7 +1822,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -1931,9 +1865,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1971,15 +1905,15 @@ } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -1988,9 +1922,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2000,110 +1934,76 @@ }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026705 + "risk": 0.03605 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -2118,30 +2018,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2025-10148", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u3", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2150,127 +2047,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.026705 + "risk": 0.034550000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2285,138 +2146,145 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-8714", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "15.14-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026080000000000006 + "risk": 0.031065 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8714/" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -2439,11 +2307,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8714", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" } } ], @@ -2477,25 +2342,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -2505,25 +2370,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.02885 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2535,7 +2402,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2546,16 +2413,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -2564,7 +2431,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2572,27 +2439,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -2601,108 +2468,104 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.02315 + "risk": 0.026080000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://www.postgresql.org/support/security/CVE-2025-8714/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2717,27 +2580,30 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8714", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2746,12 +2612,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "krb5" + "name": "postgresql-15" } ] } @@ -2769,8 +2635,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2829,8 +2695,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2865,15 +2731,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -2882,14 +2748,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2910,8 +2780,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2970,8 +2840,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3006,15 +2876,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -3023,9 +2893,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -3035,122 +2905,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.019499999999999997 + "advisories": [], + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3165,90 +3000,71 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openssl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3258,33 +3074,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3292,7 +3104,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3303,16 +3115,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3329,83 +3141,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3413,161 +3204,53 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.8:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.8" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "8aa851c632adf094", - "name": "fluent-bit", - "version": "4.0.8", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:fb1d570c99714a4b9848ea5b9b9d3ac523dcc9f624b04e433b9247363f2aa092", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.8:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.8", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0178 + "risk": 0.020249999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -3582,155 +3265,162 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-8713", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "High", "urls": [], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.14-0+deb12u1" + "3.0.17-1~deb12u3" ], "state": "fixed", "available": [ { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.017385 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.019499999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8713", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8713/" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3746,63 +3436,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8713", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" }, "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3810,32 +3529,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.01875 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -3843,33 +3563,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3890,7 +3606,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -3944,74 +3660,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0165 + "risk": 0.017385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-8713/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -4026,27 +3764,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8713", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4055,39 +3796,31 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -4095,51 +3828,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.0173 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -4160,7 +3908,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -4238,8 +3986,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4305,8 +4053,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4392,6 +4140,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.8:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.8" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "8aa851c632adf094", + "name": "fluent-bit", + "version": "4.0.8", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:fb1d570c99714a4b9848ea5b9b9d3ac523dcc9f624b04e433b9247363f2aa092", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.8:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.8", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2025-12817", @@ -4418,8 +4261,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -4465,8 +4308,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -4530,25 +4373,25 @@ }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -4558,34 +4401,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0108 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -4593,27 +4434,27 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -4622,35 +4463,277 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010025", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.8:*:*:*:*:*:*:*" + ], "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.8" + } }, "found": { - "vulnerabilityID": "CVE-2020-15719", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", - "type": "deb", + "id": "8aa851c632adf094", + "name": "fluent-bit", + "version": "4.0.8", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:fb1d570c99714a4b9848ea5b9b9d3ac523dcc9f624b04e433b9247363f2aa092", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -4659,96 +4742,102 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.8:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", - "upstreams": [ - { - "name": "openldap" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.8", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0103 + "risk": 0.0109 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4763,75 +4852,88 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -4841,45 +4943,62 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -4896,27 +5015,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2020-15719", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -4925,12 +5044,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } @@ -4948,8 +5076,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4996,8 +5124,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5032,15 +5160,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5049,14 +5177,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5077,8 +5209,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5125,8 +5257,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5161,15 +5293,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5178,9 +5310,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5190,25 +5322,25 @@ }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5218,54 +5350,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5282,126 +5405,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.8:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.8" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8aa851c632adf094", - "name": "fluent-bit", - "version": "4.0.8", - "type": "binary", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:fb1d570c99714a4b9848ea5b9b9d3ac523dcc9f624b04e433b9247363f2aa092", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5410,35 +5434,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.8:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.8", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5446,58 +5479,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0095 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5505,27 +5534,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -5534,102 +5563,96 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", - "cvss": [ - { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" - ], - "state": "fixed", - "available": [ - { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5644,63 +5667,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:d14e017542c6367905f426ac3c8499aaf190db45bba7a74ae4d62115bfe67064", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } @@ -5731,8 +5732,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -5791,8 +5792,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -5889,8 +5890,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -5951,8 +5952,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -6046,8 +6047,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6113,8 +6114,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6195,8 +6196,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6262,8 +6263,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6340,8 +6341,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -6400,8 +6401,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -6485,8 +6486,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6535,8 +6536,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6611,8 +6612,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6661,8 +6662,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6733,8 +6734,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6783,8 +6784,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6859,8 +6860,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6909,8 +6910,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6981,8 +6982,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7029,8 +7030,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7114,8 +7115,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7162,8 +7163,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7238,8 +7239,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7286,8 +7287,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7367,8 +7368,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7415,8 +7416,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7491,8 +7492,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7558,8 +7559,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7640,8 +7641,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7707,8 +7708,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7785,8 +7786,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7846,8 +7847,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7954,8 +7955,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8015,8 +8016,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8091,8 +8092,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8152,8 +8153,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8256,8 +8257,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8317,8 +8318,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8416,8 +8417,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8477,8 +8478,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8576,8 +8577,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -8624,8 +8625,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -8721,8 +8722,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8763,8 +8764,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -9204,87 +9205,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.8.md b/docs/security/oss/grype-4.0.8.md index a040eb6..69f4d9d 100644 --- a/docs/security/oss/grype-4.0.8.md +++ b/docs/security/oss/grype-4.0.8.md @@ -8,17 +8,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | -| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | -| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | -| fluent-bit | 4.0.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| fluent-bit | 4.0.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.0.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | @@ -29,22 +29,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.0.9.json b/docs/security/oss/grype-4.0.9.json index a3ccf62..92ec5cf 100644 --- a/docs/security/oss/grype-4.0.9.json +++ b/docs/security/oss/grype-4.0.9.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -702,8 +702,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -765,8 +765,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -863,8 +863,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -919,8 +919,8 @@ { "cve": "CVE-2025-8715", "epss": 0.00072, - "percentile": 0.22309, - "date": "2025-12-22" + "percentile": 0.22329, + "date": "2026-01-05" } ], "cwes": [ @@ -998,8 +998,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1058,8 +1058,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1153,8 +1153,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1207,8 +1207,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1272,76 +1272,110 @@ }, { "vulnerability": { - "id": "CVE-2025-10148", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.03605 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-10148", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-10148.html", - "https://curl.se/docs/CVE-2025-10148.json", - "https://hackerone.com/reports/3330839", - "http://www.openwall.com/lists/oss-security/2025/09/10/2", - "http://www.openwall.com/lists/oss-security/2025/09/10/3", - "http://www.openwall.com/lists/oss-security/2025/09/10/4" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-10148", - "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -1356,27 +1390,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-10148", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -1385,30 +1422,39 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1419,43 +1465,66 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "1.20.1-2+deb12u4" + ], + "state": "fixed", + "available": [ + { + "version": "1.20.1-2+deb12u4", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.031065 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2025-3576", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://access.redhat.com/errata/RHSA-2025:11487", + "https://access.redhat.com/errata/RHSA-2025:13664", + "https://access.redhat.com/errata/RHSA-2025:13777", + "https://access.redhat.com/errata/RHSA-2025:15000", + "https://access.redhat.com/errata/RHSA-2025:15001", + "https://access.redhat.com/errata/RHSA-2025:15002", + "https://access.redhat.com/errata/RHSA-2025:15003", + "https://access.redhat.com/errata/RHSA-2025:15004", + "https://access.redhat.com/errata/RHSA-2025:8411", + "https://access.redhat.com/errata/RHSA-2025:9418", + "https://access.redhat.com/errata/RHSA-2025:9430", + "https://access.redhat.com/security/cve/CVE-2025-3576", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", + "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -1466,17 +1535,17 @@ ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -1492,27 +1561,30 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-3576", + "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" + }, + "fix": { + "suggestedVersion": "1.20.1-2+deb12u4" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1521,186 +1593,52 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "postgresql-15" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "id": "CVE-2025-3576", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "cve": "CVE-2025-3576", + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02885 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-3576", + "cwe": "CWE-328", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -1717,7 +1655,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -1760,9 +1698,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1800,15 +1738,15 @@ } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -1817,18 +1755,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1861,9 +1795,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1888,7 +1822,7 @@ ] }, "advisories": [], - "risk": 0.026705 + "risk": 0.03869500000000001 }, "relatedVulnerabilities": [ { @@ -1931,9 +1865,9 @@ "epss": [ { "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "epss": 0.00071, + "percentile": 0.21965, + "date": "2026-01-05" } ], "cwes": [ @@ -1971,15 +1905,15 @@ } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -1988,9 +1922,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2000,110 +1934,76 @@ }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-10148", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026705 + "risk": 0.03605 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2025-10148", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "https://curl.se/docs/CVE-2025-10148.html", + "https://curl.se/docs/CVE-2025-10148.json", + "https://hackerone.com/reports/3330839", + "http://www.openwall.com/lists/oss-security/2025/09/10/2", + "http://www.openwall.com/lists/oss-security/2025/09/10/3", + "http://www.openwall.com/lists/oss-security/2025/09/10/4" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "curl's websocket code did not update the 32 bit mask pattern for each new\n outgoing frame as the specification says. Instead it used a fixed mask that\npersisted and was used throughout the entire connection.\n\nA predictable mask pattern allows for a malicious server to induce traffic\nbetween the two communicating parties that could be interpreted by an involved\nproxy (configured or transparent) as genuine, real, HTTP traffic with content\nand thereby poison its cache. That cached poisoned content could then be\nserved to all users of that proxy.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-10148", + "epss": 0.0007, + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -2118,30 +2018,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2025-10148", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", - "version": "1.20.1-2+deb12u3", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -2150,127 +2047,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-3576", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1.20.1-2+deb12u4" - ], - "state": "fixed", - "available": [ - { - "version": "1.20.1-2+deb12u4", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.026705 + "risk": 0.034550000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3576", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3576", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:11487", - "https://access.redhat.com/errata/RHSA-2025:13664", - "https://access.redhat.com/errata/RHSA-2025:13777", - "https://access.redhat.com/errata/RHSA-2025:15000", - "https://access.redhat.com/errata/RHSA-2025:15001", - "https://access.redhat.com/errata/RHSA-2025:15002", - "https://access.redhat.com/errata/RHSA-2025:15003", - "https://access.redhat.com/errata/RHSA-2025:15004", - "https://access.redhat.com/errata/RHSA-2025:8411", - "https://access.redhat.com/errata/RHSA-2025:9418", - "https://access.redhat.com/errata/RHSA-2025:9430", - "https://access.redhat.com/security/cve/CVE-2025-3576", - "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", - "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3576", - "epss": 0.00049, - "percentile": 0.15465, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-3576", - "cwe": "CWE-328", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2285,138 +2146,145 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-3576", - "versionConstraint": "< 1.20.1-2+deb12u4 (deb)" - }, - "fix": { - "suggestedVersion": "1.20.1-2+deb12u4" + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", - "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-8714", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [ - "15.14-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.026080000000000006 + "risk": 0.031065 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8714/" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8714", - "epss": 0.00032, - "percentile": 0.08924, - "date": "2025-12-22" + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8714", - "cwe": "CWE-829", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -2439,11 +2307,8 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8714", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "none (unknown)" } } ], @@ -2477,25 +2342,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -2505,25 +2370,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02315 + "risk": 0.02885 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -2535,7 +2402,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2546,16 +2413,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2018-6829", + "epss": 0.00577, + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -2564,7 +2431,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -2572,27 +2439,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } @@ -2601,108 +2468,104 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", - "upstreams": [ - { - "name": "krb5" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8714", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.02315 + "risk": 0.026080000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2025-8714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "https://www.postgresql.org/support/security/CVE-2025-8714/" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "cve": "CVE-2025-8714", + "epss": 0.00032, + "percentile": 0.0896, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8714", + "cwe": "CWE-829", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -2717,27 +2580,30 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8714", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -2746,12 +2612,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "krb5" + "name": "postgresql-15" } ] } @@ -2769,8 +2635,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2829,8 +2695,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2865,15 +2731,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -2882,14 +2748,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -2910,8 +2780,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2970,8 +2840,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -3006,15 +2876,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -3023,9 +2893,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -3035,122 +2905,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.019499999999999997 + "advisories": [], + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3165,90 +3000,71 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "openssl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3258,33 +3074,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.02315 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3292,7 +3104,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -3303,16 +3115,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "cve": "CVE-2018-5709", + "epss": 0.00463, + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-5709", + "cwe": "CWE-190", "source": "nvd@nist.gov", "type": "Primary" } @@ -3329,83 +3141,62 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-5709", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libkrb5support0", + "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "glibc" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3413,161 +3204,53 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.01785 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.9:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.9" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "7740feeb65a993d4", - "name": "fluent-bit", - "version": "4.0.9", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:35e26f33315606291ae1e137d2089e5dcdd8d337d1f37f18e0c254fc5fbf2721", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.9:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.9", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0178 + "risk": 0.020249999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -3582,155 +3265,162 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-8713", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "High", "urls": [], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.14-0+deb12u1" + "3.0.17-1~deb12u3" ], "state": "fixed", "available": [ { - "version": "15.14-0+deb12u1", - "date": "2025-09-11", - "kind": "first-observed" + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.017385 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.019499999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8713", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-8713/" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8713", - "epss": 0.00057, - "percentile": 0.17959, - "date": "2025-12-22" + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8713", - "cwe": "CWE-1230", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3746,63 +3436,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.13-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8713", - "versionConstraint": "< 15.14-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" }, "fix": { - "suggestedVersion": "15.14-0+deb12u1" + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "11769cd41fdc5daa", - "name": "libpq5", - "version": "15.13-0+deb12u1", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3810,32 +3529,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0173 + "risk": 0.01875 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -3843,33 +3563,29 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2019-1010024", + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3890,7 +3606,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -3944,74 +3660,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8713", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "wont-fix" + "versions": [ + "15.14-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.14-0+deb12u1", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0165 + "risk": 0.017385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-8713", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-8713/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-8713", + "epss": 0.00057, + "percentile": 0.17991, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-8713", + "cwe": "CWE-1230", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -4026,27 +3764,30 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "postgresql-15", + "version": "15.13-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8713", + "versionConstraint": "< 15.14-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.14-0+deb12u1" } } ], "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", + "id": "11769cd41fdc5daa", + "name": "libpq5", + "version": "15.13-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4055,39 +3796,31 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.13-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.13-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { @@ -4095,51 +3828,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.0173 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -4160,7 +3908,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -4238,8 +3986,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4305,8 +4053,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "percentile": 0.07216, + "date": "2026-01-05" } ], "cwes": [ @@ -4392,6 +4140,101 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.9:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.9" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7740feeb65a993d4", + "name": "fluent-bit", + "version": "4.0.9", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:35e26f33315606291ae1e137d2089e5dcdd8d337d1f37f18e0c254fc5fbf2721", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.9:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.9", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2025-12817", @@ -4418,8 +4261,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -4465,8 +4308,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "percentile": 0.13998, + "date": "2026-01-05" } ], "cwes": [ @@ -4530,25 +4373,25 @@ }, { "vulnerability": { - "id": "CVE-2020-15719", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -4558,34 +4401,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0108 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2020-15719", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", - "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", - "https://access.redhat.com/errata/RHBA-2019:3674", - "https://bugs.openldap.org/show_bug.cgi?id=9266", - "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -4593,27 +4434,27 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 5, - "impactScore": 5 + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2020-15719", - "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2020-15719", - "cwe": "CWE-295", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -4622,35 +4463,277 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u10" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010025", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.011100000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "libgcrypt20", + "version": "1.10.1-3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.011025000000000002 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.9:*:*:*:*:*:*:*" + ], "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.0.9" + } }, "found": { - "vulnerabilityID": "CVE-2020-15719", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", - "type": "deb", + "id": "7740feeb65a993d4", + "name": "fluent-bit", + "version": "4.0.9", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", - "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:35e26f33315606291ae1e137d2089e5dcdd8d337d1f37f18e0c254fc5fbf2721", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -4659,96 +4742,102 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.0.9:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", - "upstreams": [ - { - "name": "openldap" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.0.9", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", - "cvss": [], + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", + "cvss": [ + { + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "2.36-9+deb12u13" + ], + "state": "fixed", + "available": [ + { + "version": "2.36-9+deb12u13", + "date": "2025-09-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.0103 + "risk": 0.0109 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2025-8058", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", + "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", + "http://www.openwall.com/lists/oss-security/2025/07/23/1" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2025-8058", + "epss": 0.0002, + "percentile": 0.04383, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-8058", + "cwe": "CWE-415", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4763,75 +4852,88 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u10" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-8058", + "versionConstraint": "< 2.36-9+deb12u13 (deb)" + }, + "fix": { + "suggestedVersion": "2.36-9+deb12u13" } } ], "artifact": { - "id": "3472c9903aced6bd", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u3", + "id": "c924a822eab59d9a", + "name": "libc6", + "version": "2.36-9+deb12u10", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2024-26458", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2020-15719", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -4841,45 +4943,62 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0103 + "risk": 0.0108 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26458", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", + "id": "CVE-2020-15719", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2020-15719", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", - "https://security.netapp.com/advisory/ntap-20240415-0010/" + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html", + "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html", + "https://access.redhat.com/errata/RHBA-2019:3674", + "https://bugs.openldap.org/show_bug.cgi?id=9266", + "https://bugzilla.redhat.com/show_bug.cgi?id=1740070", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", + "description": "libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 5, + "impactScore": 5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26458", - "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "cve": "CVE-2020-15719", + "epss": 0.00216, + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-26458", - "cwe": "CWE-401", + "cve": "CVE-2020-15719", + "cwe": "CWE-295", "source": "nvd@nist.gov", "type": "Primary" } @@ -4896,27 +5015,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u3" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26458", + "vulnerabilityID": "CVE-2020-15719", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dc5610a2a1a5ad4f", - "name": "libk5crypto3", - "version": "1.20.1-2+deb12u3", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -4925,12 +5044,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "krb5" + "name": "openldap" } ] } @@ -4948,8 +5076,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4996,8 +5124,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5032,15 +5160,15 @@ } ], "artifact": { - "id": "a9152735ac194d5d", - "name": "libkrb5-3", + "id": "3472c9903aced6bd", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -5049,14 +5177,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5077,8 +5209,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5125,8 +5257,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -5161,15 +5293,15 @@ } ], "artifact": { - "id": "04174b0fa1866e36", - "name": "libkrb5support0", + "id": "dc5610a2a1a5ad4f", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -5178,9 +5310,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -5190,25 +5322,25 @@ }, { "vulnerability": { - "id": "CVE-2024-2379", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5218,54 +5350,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01025 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2379", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://seclists.org/fulldisclosure/2024/Jul/18", - "http://seclists.org/fulldisclosure/2024/Jul/19", - "http://seclists.org/fulldisclosure/2024/Jul/20", - "http://www.openwall.com/lists/oss-security/2024/03/27/2", - "https://curl.se/docs/CVE-2024-2379.html", - "https://curl.se/docs/CVE-2024-2379.json", - "https://hackerone.com/reports/2410774", - "https://security.netapp.com/advisory/ntap-20240531-0001/", - "https://support.apple.com/kb/HT214118", - "https://support.apple.com/kb/HT214119", - "https://support.apple.com/kb/HT214120" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 2.9, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2379", - "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2379", - "cwe": "CWE-295", + "cve": "CVE-2024-26458", + "cwe": "CWE-401", "source": "nvd@nist.gov", "type": "Primary" } @@ -5282,126 +5405,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u12" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2379", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "24ac2ca249a444cf", - "name": "libcurl4", - "version": "7.88.1-10+deb12u12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.9:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.9" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2024-26458", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7740feeb65a993d4", - "name": "fluent-bit", - "version": "4.0.9", - "type": "binary", + "id": "a9152735ac194d5d", + "name": "libkrb5-3", + "version": "1.20.1-2+deb12u3", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:35e26f33315606291ae1e137d2089e5dcdd8d337d1f37f18e0c254fc5fbf2721", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -5410,35 +5434,44 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.9:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.0.9", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5446,58 +5479,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0095 + "risk": 0.0103 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2024-26458", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26458", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md", + "https://security.netapp.com/advisory/ntap-20240415-0010/" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" + "cve": "CVE-2024-26458", + "epss": 0.00206, + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2024-26458", + "cwe": "CWE-401", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -5505,27 +5534,27 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "krb5", + "version": "1.20.1-2+deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", + "vulnerabilityID": "CVE-2024-26458", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "04174b0fa1866e36", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -5534,102 +5563,96 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u3?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-8058", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2379", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", - "cvss": [ - { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 5.9 - }, - "vendorMetadata": {} - } - ], + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "2.36-9+deb12u13" - ], - "state": "fixed", - "available": [ - { - "version": "2.36-9+deb12u13", - "date": "2025-09-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.009265000000000002 + "risk": 0.01025 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-8058", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058", + "id": "CVE-2024-2379", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33185", - "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f", - "http://www.openwall.com/lists/oss-security/2025/07/23/1" + "http://seclists.org/fulldisclosure/2024/Jul/18", + "http://seclists.org/fulldisclosure/2024/Jul/19", + "http://seclists.org/fulldisclosure/2024/Jul/20", + "http://www.openwall.com/lists/oss-security/2024/03/27/2", + "https://curl.se/docs/CVE-2024-2379.html", + "https://curl.se/docs/CVE-2024-2379.json", + "https://hackerone.com/reports/2410774", + "https://security.netapp.com/advisory/ntap-20240531-0001/", + "https://support.apple.com/kb/HT214118", + "https://support.apple.com/kb/HT214119", + "https://support.apple.com/kb/HT214120" ], - "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is \nsubject to a double free if some previous allocation fails. It can be \naccomplished either by a malloc failure or by using an interposed malloc\n that injects random malloc failures. The double free can allow buffer \nmanipulation depending of how the regex is constructed. This issue \naffects all architectures and ABIs supported by the GNU C library.", + "description": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", "cvss": [ { - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9 + "baseScore": 6.3, + "exploitabilityScore": 2.9, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-8058", - "epss": 0.00017, - "percentile": 0.03077, - "date": "2025-12-22" + "cve": "CVE-2024-2379", + "epss": 0.00205, + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-8058", - "cwe": "CWE-415", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" + "cve": "CVE-2024-2379", + "cwe": "CWE-295", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5644,63 +5667,41 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u10" + "name": "curl", + "version": "7.88.1-10+deb12u12" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-8058", - "versionConstraint": "< 2.36-9+deb12u13 (deb)" - }, - "fix": { - "suggestedVersion": "2.36-9+deb12u13" + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c924a822eab59d9a", - "name": "libc6", - "version": "2.36-9+deb12u10", + "id": "24ac2ca249a444cf", + "name": "libcurl4", + "version": "7.88.1-10+deb12u12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:891dbdd591f164fd4e1660f7b72e82c3d995057109207f08bad18b217a16df88", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:d5a3e014161bb602d87c2312e371ad2ea6f800c7f7af261af4faa67302b53c88", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u10:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u10?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u12?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "glibc" + "name": "curl" } ] } @@ -5731,8 +5732,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -5791,8 +5792,8 @@ { "cve": "CVE-2025-4802", "epss": 0.00012, - "percentile": 0.01166, - "date": "2025-12-22" + "percentile": 0.01157, + "date": "2026-01-05" } ], "cwes": [ @@ -5889,8 +5890,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -5951,8 +5952,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -6046,8 +6047,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6113,8 +6114,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6195,8 +6196,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6262,8 +6263,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -6340,8 +6341,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -6400,8 +6401,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -6485,8 +6486,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6535,8 +6536,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6611,8 +6612,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6661,8 +6662,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -6733,8 +6734,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6783,8 +6784,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6859,8 +6860,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6909,8 +6910,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6981,8 +6982,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7029,8 +7030,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7114,8 +7115,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7162,8 +7163,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7238,8 +7239,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7286,8 +7287,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7367,8 +7368,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7415,8 +7416,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -7491,8 +7492,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7558,8 +7559,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7640,8 +7641,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7707,8 +7708,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -7785,8 +7786,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7846,8 +7847,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7954,8 +7955,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8015,8 +8016,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8091,8 +8092,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8152,8 +8153,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8256,8 +8257,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8317,8 +8318,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8416,8 +8417,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8477,8 +8478,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -8576,8 +8577,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -8624,8 +8625,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -8721,8 +8722,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -8763,8 +8764,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -9204,87 +9205,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.0.9.md b/docs/security/oss/grype-4.0.9.md index c905057..6ef4501 100644 --- a/docs/security/oss/grype-4.0.9.md +++ b/docs/security/oss/grype-4.0.9.md @@ -8,17 +8,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715) | High | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714) | High | -| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u10 | [CVE-2025-4802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802) | High | -| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | -| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2025-3576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576) | Medium | -| fluent-bit | 4.0.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | +| libpq5 | 15.13-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| fluent-bit | 4.0.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.0.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libc6 | 2.36-9+deb12u10 | [CVE-2025-8058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8058) | Medium | | libpq5 | 15.13-0+deb12u1 | [CVE-2025-8713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713) | Low | @@ -29,22 +29,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u10 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u10 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u3 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u12 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u10 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | diff --git a/docs/security/oss/grype-4.1.0.json b/docs/security/oss/grype-4.1.0.json index 910812d..ebf88c7 100644 --- a/docs/security/oss/grype-4.1.0.json +++ b/docs/security/oss/grype-4.1.0.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80421, - "date": "2025-12-22" + "percentile": 0.80449, + "date": "2026-01-05" } ], "cwes": [ @@ -202,8 +202,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -337,8 +337,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.8771, - "date": "2025-12-22" + "percentile": 0.87722, + "date": "2026-01-05" } ], "cwes": [ @@ -412,9 +412,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ], "fix": { @@ -422,7 +422,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.1426 + "risk": 0.1469 }, "relatedVulnerabilities": [ { @@ -466,9 +466,9 @@ "epss": [ { "cve": "CVE-2015-3276", - "epss": 0.02852, - "percentile": 0.85792, - "date": "2025-12-22" + "epss": 0.02938, + "percentile": 0.86019, + "date": "2026-01-05" } ] } @@ -559,9 +559,9 @@ "epss": [ { "cve": "CVE-2025-12970", - "epss": 0.00117, - "percentile": 0.31218, - "date": "2025-12-22" + "epss": 0.00134, + "percentile": 0.33816, + "date": "2026-01-05" } ], "cwes": [ @@ -577,7 +577,7 @@ "state": "" }, "advisories": [], - "risk": 0.09535500000000001 + "risk": 0.10921000000000002 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -640,8 +640,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -703,8 +703,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01669, - "percentile": 0.8164, - "date": "2025-12-22" + "percentile": 0.81649, + "date": "2026-01-05" } ], "cwes": [ @@ -798,8 +798,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -861,8 +861,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81494, - "date": "2025-12-22" + "percentile": 0.815, + "date": "2026-01-05" } ], "cwes": [ @@ -961,9 +961,9 @@ "epss": [ { "cve": "CVE-2025-12977", - "epss": 0.00072, - "percentile": 0.22221, - "date": "2025-12-22" + "epss": 0.00078, + "percentile": 0.23683, + "date": "2026-01-05" } ], "cwes": [ @@ -979,7 +979,7 @@ "state": "" }, "advisories": [], - "risk": 0.06516 + "risk": 0.07059 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -1056,9 +1056,9 @@ "epss": [ { "cve": "CVE-2025-12978", - "epss": 0.00114, - "percentile": 0.30829, - "date": "2025-12-22" + "epss": 0.00131, + "percentile": 0.33444, + "date": "2026-01-05" } ], "fix": { @@ -1066,7 +1066,7 @@ "state": "" }, "advisories": [], - "risk": 0.05928 + "risk": 0.06812 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -1144,9 +1144,9 @@ "epss": [ { "cve": "CVE-2025-12969", - "epss": 0.00097, - "percentile": 0.27479, - "date": "2025-12-22" + "epss": 0.00106, + "percentile": 0.29351, + "date": "2026-01-05" } ], "cwes": [ @@ -1162,7 +1162,7 @@ "state": "" }, "advisories": [], - "risk": 0.055775 + "risk": 0.06094999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -1212,6 +1212,102 @@ "upstreams": [] } }, + { + "vulnerability": { + "id": "CVE-2025-12972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12972", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", + "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + ], + "description": "Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12972", + "epss": 0.00093, + "percentile": 0.26678, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12972", + "cwe": "CWE-22", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.047895 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-12972", + "versionConstraint": "= 4.1.0 (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2019-9192", @@ -1225,8 +1321,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1285,8 +1381,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00942, - "percentile": 0.75679, - "date": "2025-12-22" + "percentile": 0.75724, + "date": "2026-01-05" } ], "cwes": [ @@ -1380,8 +1476,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1434,8 +1530,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75131, - "date": "2025-12-22" + "percentile": 0.75176, + "date": "2026-01-05" } ], "cwes": [ @@ -1497,102 +1593,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-12972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12972", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", - "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" - ], - "description": "Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12972", - "epss": 0.00086, - "percentile": 0.25329, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12972", - "cwe": "CWE-22", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.044289999999999996 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-12972", - "versionConstraint": "= 4.1.0 (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2025-10148", @@ -1619,8 +1619,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "percentile": 0.2162, + "date": "2026-01-05" } ], "fix": { @@ -1663,8 +1663,8 @@ { "cve": "CVE-2025-10148", "epss": 0.0007, - "percentile": 0.2161, - "date": "2025-12-22" + "percentile": 0.2162, + "date": "2026-01-05" } ] } @@ -1720,88 +1720,235 @@ }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.031065 + "risk": 0.034550000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00057, - "percentile": 0.18022, - "date": "2025-12-22" + "cve": "CVE-2010-4756", + "epss": 0.00691, + "percentile": 0.71222, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2010-4756", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.031065 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2025-12818/" + ], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12818", + "epss": 0.00057, + "percentile": 0.18054, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } ] } ], @@ -1867,8 +2014,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ @@ -1929,8 +2076,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00577, - "percentile": 0.68094, - "date": "2025-12-22" + "percentile": 0.68117, + "date": "2026-01-05" } ], "cwes": [ @@ -2001,8 +2148,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2061,8 +2208,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2146,8 +2293,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2206,8 +2353,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2282,8 +2429,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2342,8 +2489,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2423,8 +2570,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2483,8 +2630,8 @@ { "cve": "CVE-2018-5709", "epss": 0.00463, - "percentile": 0.63555, - "date": "2025-12-22" + "percentile": 0.63595, + "date": "2026-01-05" } ], "cwes": [ @@ -2548,12 +2695,12 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -2570,66 +2717,33 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.019499999999999997 + "advisories": [], + "risk": 0.020249999999999997 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -2646,24 +2760,10 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00026, - "percentile": 0.06547, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-9086", + "epss": 0.00027, + "percentile": 0.06827, + "date": "2026-01-05" } ] } @@ -2678,30 +2778,201 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.019499999999999997 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + ], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9230", + "epss": 0.00026, + "percentile": 0.06485, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" + } + } + ], + "artifact": { + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } @@ -2753,9 +3024,9 @@ "epss": [ { "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" } ], "cwes": [ @@ -2771,7 +3042,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0182 + "risk": 0.01875 }, "relatedVulnerabilities": [ { @@ -2817,9 +3088,9 @@ "epss": [ { "cve": "CVE-2019-1010024", - "epss": 0.00364, - "percentile": 0.57868, - "date": "2025-12-22" + "epss": 0.00375, + "percentile": 0.58563, + "date": "2026-01-05" } ], "cwes": [ @@ -2902,155 +3173,52 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00034, - "percentile": 0.09464, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.01785 + "risk": 0.0173 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0178 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} }, @@ -3058,29 +3226,33 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2019-1010025", - "epss": 0.00356, - "percentile": 0.5729, - "date": "2025-12-22" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00346, + "percentile": 0.56621, + "date": "2026-01-05" } ] } @@ -3101,7 +3273,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2019-1010023", "versionConstraint": "none (unknown)" } } @@ -3155,86 +3327,107 @@ }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2025-9232", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0173 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.01526 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00346, - "percentile": 0.56632, - "date": "2025-12-22" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07216, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3249,43 +3442,46 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } @@ -3293,37 +3489,41 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9086", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3331,10 +3531,111 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-29478", + "epss": 0.00028, + "percentile": 0.07448, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.0147 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "namespace": "debian:distro:debian:12", + "severity": "Low", + "urls": [], + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.13998, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { @@ -3342,41 +3643,46 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.0165 + "risk": 0.014029999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00022, - "percentile": 0.05057, - "date": "2025-12-22" + "cve": "CVE-2025-12817", + "epss": 0.00046, + "percentile": 0.13998, + "date": "2026-01-05" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12817", + "cwe": "CWE-862", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3391,27 +3697,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2025-12817", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -3420,37 +3726,37 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "curl" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3460,32 +3766,43 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.015950000000000002 + "risk": 0.012650000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, + "baseScore": 5, + "exploitabilityScore": 10, "impactScore": 2.9 }, "vendorMetadata": {} @@ -3493,16 +3810,16 @@ ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00319, - "percentile": 0.54444, - "date": "2025-12-22" + "cve": "CVE-2019-1010025", + "epss": 0.00253, + "percentile": 0.48404, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -3525,7 +3842,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -3579,85 +3896,57 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.01526 + "advisories": [], + "risk": 0.011100000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -3668,17 +3957,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07214, - "date": "2025-12-22" + "cve": "CVE-2024-2236", + "epss": 0.00222, + "percentile": 0.44676, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-2236", + "cwe": "CWE-208", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -3686,7 +3975,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3694,187 +3983,122 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", - "namespace": "debian:distro:debian:12", - "severity": "Low", - "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" + "cve": "CVE-2025-29477", + "epss": 0.00021, + "percentile": 0.04866, + "date": "2026-01-05" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.014029999999999999 + "risk": 0.011025000000000002 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" - ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12817", - "epss": 0.00046, - "percentile": 0.14122, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.0" + } }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } @@ -3883,14 +4107,10 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] } }, { @@ -3906,8 +4126,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ @@ -3971,8 +4191,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.44164, - "date": "2025-12-22" + "percentile": 0.44076, + "date": "2026-01-05" } ], "cwes": [ @@ -4056,8 +4276,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4104,8 +4324,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4189,8 +4409,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4237,8 +4457,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4313,8 +4533,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4361,8 +4581,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4442,8 +4662,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4490,8 +4710,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.43087, - "date": "2025-12-22" + "percentile": 0.42999, + "date": "2026-01-05" } ], "cwes": [ @@ -4566,8 +4786,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ @@ -4623,8 +4843,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42777, - "date": "2025-12-22" + "percentile": 0.42677, + "date": "2026-01-05" } ], "cwes": [ @@ -4686,225 +4906,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00019, - "percentile": 0.04131, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.009975000000000001 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0095 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.0019, - "percentile": 0.41173, - "date": "2025-12-22" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4918,8 +4919,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -4980,8 +4981,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00145, - "percentile": 0.35461, - "date": "2025-12-22" + "percentile": 0.35381, + "date": "2026-01-05" } ], "cwes": [ @@ -5075,8 +5076,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -5142,8 +5143,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -5224,8 +5225,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -5291,8 +5292,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32957, - "date": "2025-12-22" + "percentile": 0.32883, + "date": "2026-01-05" } ], "cwes": [ @@ -5369,8 +5370,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -5429,8 +5430,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32235, - "date": "2025-12-22" + "percentile": 0.32169, + "date": "2026-01-05" } ], "cwes": [ @@ -5514,8 +5515,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5564,8 +5565,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5640,8 +5641,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5690,8 +5691,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28456, - "date": "2025-12-22" + "percentile": 0.28422, + "date": "2026-01-05" } ], "cwes": [ @@ -5762,8 +5763,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5812,8 +5813,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5888,8 +5889,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -5938,8 +5939,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26916, - "date": "2025-12-22" + "percentile": 0.26874, + "date": "2026-01-05" } ], "cwes": [ @@ -6010,8 +6011,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -6058,8 +6059,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -6143,8 +6144,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -6191,8 +6192,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -6267,8 +6268,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -6315,8 +6316,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -6396,8 +6397,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -6444,8 +6445,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00081, - "percentile": 0.24386, - "date": "2025-12-22" + "percentile": 0.24306, + "date": "2026-01-05" } ], "cwes": [ @@ -6520,8 +6521,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6587,8 +6588,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6669,8 +6670,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6736,8 +6737,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00057, - "percentile": 0.17908, - "date": "2025-12-22" + "percentile": 0.1794, + "date": "2026-01-05" } ], "cwes": [ @@ -6814,8 +6815,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6875,8 +6876,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -6983,8 +6984,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7044,8 +7045,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7120,8 +7121,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7181,8 +7182,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7285,8 +7286,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7346,8 +7347,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7445,8 +7446,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7506,8 +7507,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15592, - "date": "2025-12-22" + "percentile": 0.15601, + "date": "2026-01-05" } ], "cwes": [ @@ -7605,8 +7606,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -7653,8 +7654,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00035, - "percentile": 0.10112, - "date": "2025-12-22" + "percentile": 0.10049, + "date": "2026-01-05" } ], "cwes": [ @@ -7750,8 +7751,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ], "fix": { @@ -7792,8 +7793,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00017, - "percentile": 0.03248, - "date": "2025-12-22" + "percentile": 0.03198, + "date": "2026-01-05" } ] } @@ -8233,87 +8234,87 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2025-12-23T00:24:18Z_1766478014.tar.zst?checksum=sha256%3Ae8d76c30b9c487568af6b3940c95161c3a65b67e8d34b49c37440d543fe8ca7b", - "built": "2025-12-23T08:20:14Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-06T00:25:09Z_1767687639.tar.zst?checksum=sha256%3A1fd1f8bcca9377daa6056edb6196d8252dd351815b869818a921962d142d7e93", + "built": "2026-01-06T08:20:39Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2025-12-23T00:24:25Z", - "input": "xxh64:a0d50876ed3bfef6" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:4eae1d77b8a0f455" }, "alpine": { - "captured": "2025-12-23T00:24:31Z", - "input": "xxh64:6a9af73c1b13dd4b" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:b01e9a463f72a0a3" }, "amazon": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:886f9a7b971e6745" + "captured": "2026-01-06T00:25:19Z", + "input": "xxh64:797913a31aeb97c6" }, "bitnami": { - "captured": "2025-12-23T00:24:27Z", - "input": "xxh64:495c042c59659c08" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:b81ec6c1646df104" }, "chainguard": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:c691ab80b2754c8f" + "captured": "2026-01-06T00:25:18Z", + "input": "xxh64:958f8a7a5ce8b8f1" }, "chainguard-libraries": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:30983f84d2688b78" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:c330b4370abaf913" }, "debian": { - "captured": "2025-12-23T00:24:28Z", - "input": "xxh64:5e32f478cf3083fa" + "captured": "2026-01-06T00:25:21Z", + "input": "xxh64:b990b4f7f4ad682d" }, "echo": { - "captured": "2025-12-23T00:24:24Z", - "input": "xxh64:63fbb43ebfaec107" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:fbc5fa4b65890402" }, "epss": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:dd877704d2f5a4ed" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:aaf3fbb78cbe1cdc" }, "github": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:07975ad47a62557d" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:0f93c4907f06627c" }, "kev": { - "captured": "2025-12-23T00:24:37Z", - "input": "xxh64:41c85ebd6bbcbc08" + "captured": "2026-01-06T00:25:14Z", + "input": "xxh64:8e5322bd5e207e22" }, "mariner": { - "captured": "2025-12-23T00:24:18Z", - "input": "xxh64:d8b5dca08509a7a7" + "captured": "2026-01-06T00:25:09Z", + "input": "xxh64:db866b3cd7040249" }, "minimos": { - "captured": "2025-12-23T00:24:33Z", - "input": "xxh64:076c209bb5998164" + "captured": "2026-01-06T00:25:24Z", + "input": "xxh64:f42034ef527c7777" }, "nvd": { - "captured": "2025-12-23T00:27:56Z", - "input": "xxh64:ccc83265aa9cea92" + "captured": "2026-01-06T00:29:21Z", + "input": "xxh64:6fba233c746ef810" }, "oracle": { - "captured": "2025-12-23T00:24:29Z", - "input": "xxh64:36332479d0982e56" + "captured": "2026-01-06T00:25:16Z", + "input": "xxh64:9a0a46d6bfff9afc" }, "rhel": { - "captured": "2025-12-23T00:25:15Z", - "input": "xxh64:1ce812e755bd4bb6" + "captured": "2026-01-06T00:26:09Z", + "input": "xxh64:e660505fe41f9229" }, "sles": { - "captured": "2025-12-23T00:24:50Z", - "input": "xxh64:f7ca658ee4776d51" + "captured": "2026-01-06T00:25:29Z", + "input": "xxh64:2a5ac1bc7a6d3475" }, "ubuntu": { - "captured": "2025-12-23T00:26:17Z", - "input": "xxh64:e50bf5ae51f5c5ee" + "captured": "2026-01-06T00:26:33Z", + "input": "xxh64:0662920b9d3483c8" }, "wolfi": { - "captured": "2025-12-23T00:24:30Z", - "input": "xxh64:8c5ae6485f6873cb" + "captured": "2026-01-06T00:25:15Z", + "input": "xxh64:c0a3c40113b5e884" } } } diff --git a/docs/security/oss/grype-4.1.0.md b/docs/security/oss/grype-4.1.0.md index 6ec6a4e..0ec0745 100644 --- a/docs/security/oss/grype-4.1.0.md +++ b/docs/security/oss/grype-4.1.0.md @@ -8,15 +8,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | fluent-bit | 4.1.0 | [CVE-2025-12977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12977) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | fluent-bit | 4.1.0 | [CVE-2025-12970](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12970) | High | -| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | High | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | fluent-bit | 4.1.0 | [CVE-2025-12978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12978) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-12969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12969) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12972) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| fluent-bit | 4.1.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | +| fluent-bit | 4.1.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | @@ -25,22 +25,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible |