Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-12086 (GCVE-0-2024-12086)
Vulnerability from cvelistv5 – Published: 2025-01-14 17:37 – Updated: 2026-06-29 23:43- CWE-390 - Detection of Error Condition Without Action
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHBA-2025:6470 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19368 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:20603 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:29197 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2024-12086 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2330577 | issue-trackingx_refsource_REDHAT |
| https://kb.cert.org/vuls/id/952657 | |
| https://github.com/google/security-research/secur… | exploit |
| https://security.netapp.com/advisory/ntap-2025013… | |
| https://lists.debian.org/debian-lts-announce/2025… | |
| https://www.kb.cert.org/vuls/id/952657 |
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , ≤ 3.3.0
(semver)
|
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.4.1-2.el10 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:3.2.5-7.el9_8 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
0:3.2.5-3.el9_6.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/o:redhat:rhel_eus:9.6::baseos |
|
| Red Hat | Red Hat Discovery 2 |
Unaffected:
1782166952 , < *
(rpm)
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:14:25.165183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T14:20:53.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:14.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/952657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/RsyncProject/rsync",
"defaultStatus": "unaffected",
"packageName": "rsync",
"versions": [
{
"lessThanOrEqual": "3.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.4.1-2.el10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-7.el9_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-7.el9_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/o:redhat:rhel_eus:9.6::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-3.el9_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782166952",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
}
],
"datePublic": "2025-01-14T15:06:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-390",
"description": "Detection of Error Condition Without Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T23:43:41.776Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBA-2025:6470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"name": "RHSA-2026:19368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19368"
},
{
"name": "RHSA-2026:20603",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20603"
},
{
"name": "RHSA-2026:29197",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-12086"
},
{
"name": "RHBZ#2330577",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-05T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-01-14T15:06:00.000Z",
"value": "Made public."
}
],
"title": "Rsync: rsync server leaks arbitrary client files",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-12086",
"datePublished": "2025-01-14T17:37:54.960Z",
"dateReserved": "2024-12-03T08:57:58.397Z",
"dateUpdated": "2026-06-29T23:43:41.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-12086",
"date": "2026-07-05",
"epss": "0.01761",
"percentile": "0.75292"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-12086\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-01-14T18:15:25.297\",\"lastModified\":\"2026-06-30T00:16:48.400\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en rsync que podr\u00eda permitir que un servidor enumere el contenido de un archivo arbitrario de la m\u00e1quina del cliente. Este problema ocurre cuando se copian archivos de un cliente a un servidor. Durante este proceso, el servidor rsync enviar\u00e1 sumas de comprobaci\u00f3n de datos locales al cliente para que las compare y determine qu\u00e9 datos deben enviarse al servidor. Al enviar valores de suma de comprobaci\u00f3n especialmente creados para archivos arbitrarios, un atacante puede reconstruir los datos de esos archivos byte por byte en funci\u00f3n de las respuestas del cliente.\"}],\"affected\":[{\"source\":\"secalert@redhat.com\",\"affectedData\":[{\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://github.com/RsyncProject/rsync\",\"packageName\":\"rsync\",\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"3.3.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rsync\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.0\"],\"versions\":[{\"version\":\"0:3.4.1-2.el10\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rsync\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\",\"cpe:/o:redhat:enterprise_linux:9::baseos\"],\"versions\":[{\"version\":\"0:3.2.5-7.el9_8\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rsync\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\",\"cpe:/o:redhat:enterprise_linux:9::baseos\"],\"versions\":[{\"version\":\"0:3.2.5-7.el9_8\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9.6 Extended Update Support\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rsync\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\",\"cpe:/o:redhat:rhel_eus:9.6::baseos\"],\"versions\":[{\"version\":\"0:3.2.5-3.el9_6.1\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Discovery 2\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://catalog.redhat.com/software/containers/\",\"packageName\":\"discovery/discovery-ui-rhel9\",\"cpes\":[\"cpe:/a:redhat:discovery:2::el9\"],\"versions\":[{\"version\":\"1782166952\",\"lessThan\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rsync\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"unknown\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rsync\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rsync\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"collectionURL\":\"https://access.redhat.com/downloads/content/package-browser/\",\"packageName\":\"rhcos\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":4.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-02-26T14:14:25.165183Z\",\"id\":\"CVE-2024-12086\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-390\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.0\",\"matchCriteriaId\":\"477D69AB-8601-4994-9695-8DE48E1587A5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F34AA7F4-6ECE-4FA5-A310-3509648BD7C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"57B93E9A-1483-4FF7-BF45-BD0D7D9F1747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"66FD02F3-C1C2-4E1D-98C1-8889004437D4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4824AE2D-462B-477D-9206-3E2090A32146\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92121D8A-529E-454A-BC8D-B6E0017E615D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.11\",\"matchCriteriaId\":\"213883D5-9E62-4496-82E3-D5377995C257\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FB65EF0-0E6A-4178-8564-3CC96891A072\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20250123\",\"matchCriteriaId\":\"8EBD774C-F48F-45EC-A5DD-B1E56E54EF71\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHBA-2025:6470\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19368\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20603\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29197\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-12086\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2330577\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/952657\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250131-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/952657\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250131-0002/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/952657\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:52:14.220Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12086\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T14:14:25.165183Z\"}}}], \"references\": [{\"url\": \"https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-14T18:42:03.159Z\"}}], \"cna\": {\"title\": \"Rsync: rsync server leaks arbitrary client files\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.3.0\"}], \"packageName\": \"rsync\", \"collectionURL\": \"https://github.com/RsyncProject/rsync\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.4.1-2.el10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rsync\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.2.5-7.el9_8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rsync\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.2.5-7.el9_8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rsync\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\", \"cpe:/o:redhat:rhel_eus:9.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.6 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.2.5-3.el9_6.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"rsync\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:discovery:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 2\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1782166952\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"discovery/discovery-ui-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"rsync\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"rsync\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"rsync\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"packageName\": \"rhcos\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-12-05T00:00:00.000Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-01-14T15:06:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-01-14T15:06:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHBA-2025:6470\", \"name\": \"RHBA-2025:6470\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19368\", \"name\": \"RHSA-2026:19368\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20603\", \"name\": \"RHSA-2026:20603\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29197\", \"name\": \"RHSA-2026:29197\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-12086\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2330577\", \"name\": \"RHBZ#2330577\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://kb.cert.org/vuls/id/952657\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-390\", \"description\": \"Detection of Error Condition Without Action\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-06-29T23:43:41.776Z\"}, \"x_redhatCweChain\": \"CWE-390: Detection of Error Condition Without Action\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-12086\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-29T23:43:41.776Z\", \"dateReserved\": \"2024-12-03T08:57:58.397Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-01-14T17:37:54.960Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2024-12086
Vulnerability from fkie_nvd - Published: 2025-01-14 18:15 - Updated: 2026-06-30 00:166.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
| Vendor | Product | Version | |
|---|---|---|---|
| samba | rsync | * | |
| redhat | openshift_container_platform | 4.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux | 10.0 | |
| almalinux | almalinux | 8.0 | |
| almalinux | almalinux | 9.0 | |
| almalinux | almalinux | 10.0 | |
| archlinux | arch_linux | - | |
| gentoo | linux | - | |
| nixos | nixos | * | |
| suse | suse_linux | - | |
| tritondatacenter | smartos | * |
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://github.com/RsyncProject/rsync",
"defaultStatus": "unaffected",
"packageName": "rsync",
"versions": [
{
"lessThanOrEqual": "3.3.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.4.1-2.el10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-7.el9_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-7.el9_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream",
"cpe:/o:redhat:rhel_eus:9.6::baseos"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.2.5-3.el9_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1782166952",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "rsync",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"source": "secalert@redhat.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
"matchCriteriaId": "477D69AB-8601-4994-9695-8DE48E1587A5",
"versionEndIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F34AA7F4-6ECE-4FA5-A310-3509648BD7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "57B93E9A-1483-4FF7-BF45-BD0D7D9F1747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*",
"matchCriteriaId": "66FD02F3-C1C2-4E1D-98C1-8889004437D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4824AE2D-462B-477D-9206-3E2090A32146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92121D8A-529E-454A-BC8D-B6E0017E615D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "213883D5-9E62-4496-82E3-D5377995C257",
"versionEndExcluding": "24.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB65EF0-0E6A-4178-8564-3CC96891A072",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBD774C-F48F-45EC-A5DD-B1E56E54EF71",
"versionEndExcluding": "20250123",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en rsync que podr\u00eda permitir que un servidor enumere el contenido de un archivo arbitrario de la m\u00e1quina del cliente. Este problema ocurre cuando se copian archivos de un cliente a un servidor. Durante este proceso, el servidor rsync enviar\u00e1 sumas de comprobaci\u00f3n de datos locales al cliente para que las compare y determine qu\u00e9 datos deben enviarse al servidor. Al enviar valores de suma de comprobaci\u00f3n especialmente creados para archivos arbitrarios, un atacante puede reconstruir los datos de esos archivos byte por byte en funci\u00f3n de las respuestas del cliente."
}
],
"id": "CVE-2024-12086",
"lastModified": "2026-06-30T00:16:48.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.0,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2024-12086",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:14:25.165183Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-01-14T18:15:25.297",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:19368"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:20603"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-12086"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.cert.org/vuls/id/952657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/952657"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-390"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
GHSA-82C6-8MFC-C23H
Vulnerability from github – Published: 2025-01-14 18:32 – Updated: 2026-06-24 18:32A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
{
"affected": [],
"aliases": [
"CVE-2024-12086"
],
"database_specific": {
"cwe_ids": [
"CWE-390"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T18:15:25Z",
"severity": "MODERATE"
},
"details": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.",
"id": "GHSA-82c6-8mfc-c23h",
"modified": "2026-06-24T18:32:24Z",
"published": "2025-01-14T18:32:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12086"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19368"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20603"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-12086"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"type": "WEB",
"url": "https://kb.cert.org/vuls/id/952657"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250131-0002"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/952657"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2024-12086
Vulnerability from csaf_microsoft - Published: 2025-01-02 00:00 - Updated: 2026-02-21 02:51| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17120-17086 | — | ||
| Unresolved product id: 17490-17084 | — | ||
| Unresolved product id: 19944-17086 | — | ||
| Unresolved product id: 19946-17084 | — |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12086 Rsync: rsync server leaks arbitrary client files - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2024-12086.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Rsync: rsync server leaks arbitrary client files",
"tracking": {
"current_release_date": "2026-02-21T02:51:30.000Z",
"generator": {
"date": "2026-03-04T09:14:22.662Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-12086",
"initial_release_date": "2025-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-01-19T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-01-23T00:00:00.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2025-06-20T00:00:00.000Z",
"legacy_version": "2.1",
"number": "3",
"summary": "Added rsync to CBL-Mariner 2.0\nAdded rsync to Azure Linux 3.0"
},
{
"date": "2025-06-21T00:00:00.000Z",
"legacy_version": "2.2",
"number": "4",
"summary": "Added rsync to CBL-Mariner 2.0\nAdded rsync to Azure Linux 3.0"
},
{
"date": "2025-06-22T00:00:00.000Z",
"legacy_version": "2.3",
"number": "5",
"summary": "Added rsync to CBL-Mariner 2.0\nAdded rsync to Azure Linux 3.0"
},
{
"date": "2026-02-21T02:51:30.000Z",
"legacy_version": "2.4",
"number": "6",
"summary": "Information published."
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 rsync 3.4.1-1",
"product": {
"name": "\u003ccbl2 rsync 3.4.1-1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cbl2 rsync 3.4.1-1",
"product": {
"name": "cbl2 rsync 3.4.1-1",
"product_id": "17120"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 rsync 3.4.1-1",
"product": {
"name": "\u003cazl3 rsync 3.4.1-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 rsync 3.4.1-1",
"product": {
"name": "azl3 rsync 3.4.1-1",
"product_id": "17490"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 rsync 3.2.5-1",
"product": {
"name": "\u003ccbl2 rsync 3.2.5-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 rsync 3.2.5-1",
"product": {
"name": "cbl2 rsync 3.2.5-1",
"product_id": "19944"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 rsync 3.2.7-1",
"product": {
"name": "\u003cazl3 rsync 3.2.7-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 rsync 3.2.7-1",
"product": {
"name": "azl3 rsync 3.2.7-1",
"product_id": "19946"
}
}
],
"category": "product_name",
"name": "rsync"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 rsync 3.4.1-1 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 rsync 3.4.1-1 as a component of CBL Mariner 2.0",
"product_id": "17120-17086"
},
"product_reference": "17120",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 rsync 3.4.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rsync 3.4.1-1 as a component of Azure Linux 3.0",
"product_id": "17490-17084"
},
"product_reference": "17490",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 rsync 3.2.5-1 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 rsync 3.2.5-1 as a component of CBL Mariner 2.0",
"product_id": "19944-17086"
},
"product_reference": "19944",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 rsync 3.2.7-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rsync 3.2.7-1 as a component of Azure Linux 3.0",
"product_id": "19946-17084"
},
"product_reference": "19946",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12086",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17120-17086",
"17490-17084",
"19944-17086",
"19946-17084"
],
"known_affected": [
"17086-4",
"17084-3",
"17086-2",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12086 Rsync: rsync server leaks arbitrary client files - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2024-12086.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-19T00:00:00.000Z",
"details": "3.4.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-4",
"17084-3",
"17086-2",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"17086-4",
"17084-3",
"17086-2",
"17084-1"
]
}
],
"title": "Rsync: rsync server leaks arbitrary client files"
}
]
}
NCSC-2025-0015
Vulnerability from csaf_ncscnl - Published: 2025-01-15 07:42 - Updated: 2025-01-15 07:42{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Rsync Project heeft kwetsbaarheden verholpen in Rsync (versies \u003c3.4.0).",
"title": "Feiten"
},
{
"category": "description",
"text": "De meest kritieke kwetsbaarheden in Rsync omvatten een heap-gebaseerde \u0027buffer overflow\u0027 (CVE-2024-12084) en een \u0027info leak\u0027 (CVE-2024-12085) die kunnen leiden tot willekeurige code-executie (aanwezig in Rsync-versies 3.2.7 \u0026 3.3.0). Daarnaast zijn er kwetsbaarheden gerelateerd aan \u0027path traversal\u0027 en onjuiste verificatie van symbolische links, wat kan leiden tot ongeautoriseerde toegang tot gevoelige gegevens en het schrijven van bestanden buiten de bedoelde directory. Deze kwetsbaarheden kunnen worden misbruikt door aanvallers om de beschikbaarheid, integriteit en vertrouwelijkheid in gevaar te brengen.\n\nGezien de bekendheid van Rsync en de brede implementatie verwacht het NCSC op korte termijn PoC code.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Rsync Project heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.kb.cert.org/vuls/id/952657"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://rsync.samba.org/ftp/rsync/NEWS.html#3.4.0"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://github.com/RsyncProject/rsync/releases/tag/v3.4.0"
}
],
"title": "Kwetsbaarheden verholpen in Rsync",
"tracking": {
"current_release_date": "2025-01-15T07:42:19.351539Z",
"id": "NCSC-2025-0015",
"initial_release_date": "2025-01-15T07:42:19.351539Z",
"revision_history": [
{
"date": "2025-01-15T07:42:19.351539Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"vulnerabilities": [
{
"cve": "CVE-2024-12084",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-12084",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-12084.json"
}
],
"title": "CVE-2024-12084"
},
{
"cve": "CVE-2024-12085",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-12085",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-12085.json"
}
],
"title": "CVE-2024-12085"
},
{
"cve": "CVE-2024-12086",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"notes": [
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-12086",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-12086.json"
}
],
"title": "CVE-2024-12086"
},
{
"cve": "CVE-2024-12087",
"cwe": {
"id": "CWE-35",
"name": "Path Traversal: \u0027.../...//\u0027"
},
"notes": [
{
"category": "other",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-12087",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-12087.json"
}
],
"title": "CVE-2024-12087"
},
{
"cve": "CVE-2024-12088",
"cwe": {
"id": "CWE-35",
"name": "Path Traversal: \u0027.../...//\u0027"
},
"notes": [
{
"category": "other",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-12088",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-12088.json"
}
],
"title": "CVE-2024-12088"
},
{
"cve": "CVE-2024-12747",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-12747",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-12747.json"
}
],
"title": "CVE-2024-12747"
}
]
}
OPENSUSE-SU-2025:14665-1
Vulnerability from csaf_opensuse - Published: 2025-01-18 00:00 - Updated: 2025-01-18 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rsync-3.4.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rsync-3.4.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14665",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14665-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12084 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12747 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12747/"
}
],
"title": "rsync-3.4.1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-01-18T00:00:00Z",
"generator": {
"date": "2025-01-18T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14665-1",
"initial_release_date": "2025-01-18T00:00:00Z",
"revision_history": [
{
"date": "2025-01-18T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.4.1-1.1.aarch64",
"product": {
"name": "rsync-3.4.1-1.1.aarch64",
"product_id": "rsync-3.4.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.4.1-1.1.ppc64le",
"product": {
"name": "rsync-3.4.1-1.1.ppc64le",
"product_id": "rsync-3.4.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.4.1-1.1.s390x",
"product": {
"name": "rsync-3.4.1-1.1.s390x",
"product_id": "rsync-3.4.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.4.1-1.1.x86_64",
"product": {
"name": "rsync-3.4.1-1.1.x86_64",
"product_id": "rsync-3.4.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.4.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64"
},
"product_reference": "rsync-3.4.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.4.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le"
},
"product_reference": "rsync-3.4.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.4.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x"
},
"product_reference": "rsync-3.4.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.4.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
},
"product_reference": "rsync-3.4.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12084"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12084",
"url": "https://www.suse.com/security/cve/CVE-2024-12084"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12084",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1234100 for CVE-2024-12084",
"url": "https://bugzilla.suse.com/1234100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-18T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-12084"
},
{
"cve": "CVE-2024-12085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12085"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12085",
"url": "https://www.suse.com/security/cve/CVE-2024-12085"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12085",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1234101 for CVE-2024-12085",
"url": "https://bugzilla.suse.com/1234101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12085"
},
{
"cve": "CVE-2024-12086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12086"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12086",
"url": "https://www.suse.com/security/cve/CVE-2024-12086"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12086",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1234102 for CVE-2024-12086",
"url": "https://bugzilla.suse.com/1234102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12086"
},
{
"cve": "CVE-2024-12087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12087"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client\u0027s intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12087",
"url": "https://www.suse.com/security/cve/CVE-2024-12087"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12087",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1234103 for CVE-2024-12087",
"url": "https://bugzilla.suse.com/1234103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-12087"
},
{
"cve": "CVE-2024-12088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12088"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12088",
"url": "https://www.suse.com/security/cve/CVE-2024-12088"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12088",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1234104 for CVE-2024-12088",
"url": "https://bugzilla.suse.com/1234104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12088"
},
{
"cve": "CVE-2024-12747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12747"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync\u0027s handling of symbolic links. Rsync\u0027s default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12747",
"url": "https://www.suse.com/security/cve/CVE-2024-12747"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12747",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1235475 for CVE-2024-12747",
"url": "https://bugzilla.suse.com/1235475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rsync-3.4.1-1.1.aarch64",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.s390x",
"openSUSE Tumbleweed:rsync-3.4.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12747"
}
]
}
RHBA-2025:6470
Vulnerability from csaf_redhat - Published: 2025-05-13 08:18 - Updated: 2026-06-30 03:05A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rsync is now available for Red Hat Enterprise Linux 10.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2025:6470",
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.0_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.0_release_notes/index"
},
{
"category": "external",
"summary": "RHEL-71293",
"url": "https://issues.redhat.com/browse/RHEL-71293"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhba-2025_6470.json"
}
],
"title": "Red Hat Bug Fix Advisory: rsync bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-30T03:05:18+00:00",
"generator": {
"date": "2026-06-30T03:05:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHBA-2025:6470",
"initial_release_date": "2025-05-13T08:18:15+00:00",
"revision_history": [
{
"date": "2025-05-13T08:18:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-13T08:18:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T03:05:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.4.1-2.el10.src",
"product": {
"name": "rsync-0:3.4.1-2.el10.src",
"product_id": "rsync-0:3.4.1-2.el10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.4.1-2.el10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.4.1-2.el10.aarch64",
"product": {
"name": "rsync-0:3.4.1-2.el10.aarch64",
"product_id": "rsync-0:3.4.1-2.el10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.4.1-2.el10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.4.1-2.el10.aarch64",
"product": {
"name": "rsync-debugsource-0:3.4.1-2.el10.aarch64",
"product_id": "rsync-debugsource-0:3.4.1-2.el10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.4.1-2.el10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"product": {
"name": "rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"product_id": "rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.4.1-2.el10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.4.1-2.el10.ppc64le",
"product": {
"name": "rsync-0:3.4.1-2.el10.ppc64le",
"product_id": "rsync-0:3.4.1-2.el10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.4.1-2.el10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"product": {
"name": "rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"product_id": "rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.4.1-2.el10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"product": {
"name": "rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"product_id": "rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.4.1-2.el10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.4.1-2.el10.x86_64",
"product": {
"name": "rsync-0:3.4.1-2.el10.x86_64",
"product_id": "rsync-0:3.4.1-2.el10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.4.1-2.el10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.4.1-2.el10.x86_64",
"product": {
"name": "rsync-debugsource-0:3.4.1-2.el10.x86_64",
"product_id": "rsync-debugsource-0:3.4.1-2.el10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.4.1-2.el10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"product": {
"name": "rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"product_id": "rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.4.1-2.el10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.4.1-2.el10.s390x",
"product": {
"name": "rsync-0:3.4.1-2.el10.s390x",
"product_id": "rsync-0:3.4.1-2.el10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.4.1-2.el10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.4.1-2.el10.s390x",
"product": {
"name": "rsync-debugsource-0:3.4.1-2.el10.s390x",
"product_id": "rsync-debugsource-0:3.4.1-2.el10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.4.1-2.el10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.4.1-2.el10.s390x",
"product": {
"name": "rsync-debuginfo-0:3.4.1-2.el10.s390x",
"product_id": "rsync-debuginfo-0:3.4.1-2.el10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.4.1-2.el10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-daemon-0:3.4.1-2.el10.noarch",
"product": {
"name": "rsync-daemon-0:3.4.1-2.el10.noarch",
"product_id": "rsync-daemon-0:3.4.1-2.el10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-daemon@3.4.1-2.el10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rsync-rrsync-0:3.4.1-2.el10.noarch",
"product": {
"name": "rsync-rrsync-0:3.4.1-2.el10.noarch",
"product_id": "rsync-rrsync-0:3.4.1-2.el10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-rrsync@3.4.1-2.el10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-daemon-0:3.4.1-2.el10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch"
},
"product_reference": "rsync-daemon-0:3.4.1-2.el10.noarch",
"relates_to_product_reference": "AppStream-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-rrsync-0:3.4.1-2.el10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch"
},
"product_reference": "rsync-rrsync-0:3.4.1-2.el10.noarch",
"relates_to_product_reference": "AppStream-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.4.1-2.el10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64"
},
"product_reference": "rsync-0:3.4.1-2.el10.aarch64",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.4.1-2.el10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le"
},
"product_reference": "rsync-0:3.4.1-2.el10.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.4.1-2.el10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x"
},
"product_reference": "rsync-0:3.4.1-2.el10.s390x",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.4.1-2.el10.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src"
},
"product_reference": "rsync-0:3.4.1-2.el10.src",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.4.1-2.el10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64"
},
"product_reference": "rsync-0:3.4.1-2.el10.x86_64",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.4.1-2.el10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64"
},
"product_reference": "rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.4.1-2.el10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le"
},
"product_reference": "rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.4.1-2.el10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x"
},
"product_reference": "rsync-debuginfo-0:3.4.1-2.el10.s390x",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.4.1-2.el10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64"
},
"product_reference": "rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.4.1-2.el10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64"
},
"product_reference": "rsync-debugsource-0:3.4.1-2.el10.aarch64",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.4.1-2.el10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le"
},
"product_reference": "rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.4.1-2.el10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x"
},
"product_reference": "rsync-debugsource-0:3.4.1-2.el10.s390x",
"relates_to_product_reference": "BaseOS-10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.4.1-2.el10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
},
"product_reference": "rsync-debugsource-0:3.4.1-2.el10.x86_64",
"relates_to_product_reference": "BaseOS-10.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Simon Scannell",
"Pedro Gallegos",
"Jasiel Spelman"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12084",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2024-12-05T09:32:44.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330527"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability only affects a limited range of Rsync versions, rsync-3.2.7 and rsync-3.3.0. Red Hat Enterprise Linux does not ship these versions of Rsync and is not affected.\n\nRed Hat considers the severity of this vulnerability to be Critical only in cases where anonymous read access is allowed. Depending on the configuration and implementation choices, the severity may be significantly reduced for your organization.\n\nIn all supported versions of Red Hat Enterprise Linux, Rsync is not configured to run as a service by default.\n\nThere are two different methods for utilizing Rsync from a remote system: contacting an Rsync daemon directly with TCP or using a remote-shell program as the transport (such as ssh or rsh). The risk of this vulnerability changes depending on which connection method is used.\n\nThe default configuration of an Rsync daemon (rsyncd) running as a service does not require authentication. While rsyncd can be configured to require users to provide valid credentials, anonymous read access is a common configuration used by file sharing and mirroring hosts. The capabilities of the rsyncd process may vary depending on the user configured to run the Rsync daemon. In this scenario, an attacker only requires anonymous read access to a Rsync server in order to trigger this vulnerability. \n\nRemote-shell programs provide a layer of defense because they enforce users to have valid credentials while initiating the shell connection. When Rsync is invoked via this method, it spawns as a child of the session and will not remain running indefinitely. Since the process is spawned within the security context of the user, an attacker who is able to exploit this vulnerability remains restricted to the capabilities of the user account used to initiate the session. Authentication and network restrictions significantly reduce the attack surface and restricting permissions for remote shell users is always encouraged to limit the impact of compromised credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12084"
},
{
"category": "external",
"summary": "RHBZ#2330527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12084"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12084",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12084"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:18:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"category": "workaround",
"details": "Red Hat recommends filtering untrusted connections to Rsync via firewall rules on the host and on network firewall appliances.\n\nAdditionally, systems which only need to provide remote Rsync access to users with known identities can enable authentication using the ```auth users``` parameter in their rsyncd configuration file (rsyncd.conf). \n\nSystems that provide anonymous read access to hosted files via Rsync, such as mirror hosts, do not have reasonable mitigation options available. We strongly urge operators using vulnerable versions of Rsync to update as soon as possible.",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "rsync: Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling"
},
{
"acknowledgments": [
{
"names": [
"Pedro Gallegos",
"Simon Scannell",
"Jasiel Spelman"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12085",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2024-12-05T12:06:36.594000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330539"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Info Leak via Uninitialized Stack Contents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as having Important impact as it helps bypass Address Space Layout Randomization (ASLR). ASLR is a memory protection system which makes the exploitation of memory corruption vulnerabilities more difficult.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12085"
},
{
"category": "external",
"summary": "RHBZ#2330539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12085"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:18:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"category": "workaround",
"details": "Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable\u0027s memory with zeroes to prevent uninitialized memory disclosure.",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rsync: Info Leak via Uninitialized Stack Contents"
},
{
"acknowledgments": [
{
"names": [
"Jasiel Spelman",
"Simon Scannell",
"Pedro Gallegos"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12086",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2024-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330577"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: rsync server leaks arbitrary client files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as moderate rather than important because it requires the attacker to control the rsync server, which limits the scope of exploitation to scenarios where the client interacts with untrusted or compromised servers. Additionally, the attack is non-trivial, as it relies on the attacker sending specially crafted checksum values and deducing file contents byte-by-byte based on the client\u2019s responses. This makes the exploit more complex and time-consuming compared to direct file access vulnerabilities. Furthermore, the impact is limited to file data enumeration, and it does not allow arbitrary code execution or privilege escalation on the client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12086"
},
{
"category": "external",
"summary": "RHBZ#2330577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12086"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:18:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: rsync server leaks arbitrary client files"
},
{
"acknowledgments": [
{
"names": [
"Simon Scannell",
"Pedro Gallegos",
"Jasiel Spelman"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12087",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-12-05T21:23:24.139000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330672"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client\u0027s intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Path traversal vulnerability in rsync",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this flaw to have moderate severity as it depends on specific configurations for the attack to succeed, symbolic link syncing must be enabled (explicitly by providing the `--links` option or implicitly such as with `--archive`) and the client must connect to a malicious or compromised server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12087"
},
{
"category": "external",
"summary": "RHBZ#2330672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12087",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12087"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:18:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: Path traversal vulnerability in rsync"
},
{
"acknowledgments": [
{
"names": [
"Simon Scannell",
"Jasiel Spelman",
"Pedro Gallegos"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12088",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-12-05T21:55:22.700000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330676"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: --safe-links option bypass leads to path traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability requires user interaction to be triggered, as the rsync client must first establish a connection/have access to the malicious rsync server (at least anonymous read-access).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12088"
},
{
"category": "external",
"summary": "RHBZ#2330676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12088",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12088"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:18:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: --safe-links option bypass leads to path traversal"
},
{
"acknowledgments": [
{
"names": [
"Aleksei Gorban \"loqpa\""
]
}
],
"cve": "CVE-2024-12747",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2024-12-18T07:12:52.493000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2332968"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync\u0027s handling of symbolic links. Rsync\u0027s default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Race Condition in rsync Handling Symbolic Links",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12747"
},
{
"category": "external",
"summary": "RHBZ#2332968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332968"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12747",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12747",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12747"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:18:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2025:6470"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.GA:rsync-daemon-0:3.4.1-2.el10.noarch",
"AppStream-10.0.GA:rsync-rrsync-0:3.4.1-2.el10.noarch",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.src",
"BaseOS-10.0.GA:rsync-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debuginfo-0:3.4.1-2.el10.x86_64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.aarch64",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.ppc64le",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.s390x",
"BaseOS-10.0.GA:rsync-debugsource-0:3.4.1-2.el10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: Race Condition in rsync Handling Symbolic Links"
}
]
}
RHSA-2026:19368
Vulnerability from csaf_redhat - Published: 2026-05-19 22:14 - Updated: 2026-07-01 19:39A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in rsync. When rsync is configured to handle extended attributes (using the -X or --xattrs option), a remote attacker can exploit a use-after-free vulnerability. This occurs because the receive_xattr function incorrectly processes an untrusted length value during a sorting operation, leading to memory corruption. Successful exploitation can result in a denial of service, causing the rsync process to crash, and may potentially allow for arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rsync is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.\n\nSecurity Fix(es):\n\n* rsync: rsync server leaks arbitrary client files (CVE-2024-12086)\n\n* rsync: Rsync: Use-after-free vulnerability in extended attribute handling (CVE-2026-41035)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:19368",
"url": "https://access.redhat.com/errata/RHSA-2026:19368"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2330577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"category": "external",
"summary": "2458898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458898"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19368.json"
}
],
"title": "Red Hat Security Advisory: rsync security update",
"tracking": {
"current_release_date": "2026-07-01T19:39:50+00:00",
"generator": {
"date": "2026-07-01T19:39:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:19368",
"initial_release_date": "2026-05-19T22:14:02+00:00",
"revision_history": [
{
"date": "2026-05-19T22:14:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-19T22:14:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:39:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.2.5-7.el9_8.src",
"product": {
"name": "rsync-0:3.2.5-7.el9_8.src",
"product_id": "rsync-0:3.2.5-7.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.2.5-7.el9_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.2.5-7.el9_8.aarch64",
"product": {
"name": "rsync-0:3.2.5-7.el9_8.aarch64",
"product_id": "rsync-0:3.2.5-7.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.2.5-7.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"product": {
"name": "rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"product_id": "rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.2.5-7.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"product": {
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"product_id": "rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.2.5-7.el9_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.2.5-7.el9_8.ppc64le",
"product": {
"name": "rsync-0:3.2.5-7.el9_8.ppc64le",
"product_id": "rsync-0:3.2.5-7.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.2.5-7.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"product": {
"name": "rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"product_id": "rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.2.5-7.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"product": {
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"product_id": "rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.2.5-7.el9_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.2.5-7.el9_8.x86_64",
"product": {
"name": "rsync-0:3.2.5-7.el9_8.x86_64",
"product_id": "rsync-0:3.2.5-7.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.2.5-7.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.2.5-7.el9_8.x86_64",
"product": {
"name": "rsync-debugsource-0:3.2.5-7.el9_8.x86_64",
"product_id": "rsync-debugsource-0:3.2.5-7.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.2.5-7.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"product": {
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"product_id": "rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.2.5-7.el9_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.2.5-7.el9_8.s390x",
"product": {
"name": "rsync-0:3.2.5-7.el9_8.s390x",
"product_id": "rsync-0:3.2.5-7.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.2.5-7.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"product": {
"name": "rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"product_id": "rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.2.5-7.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"product": {
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"product_id": "rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.2.5-7.el9_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-daemon-0:3.2.5-7.el9_8.noarch",
"product": {
"name": "rsync-daemon-0:3.2.5-7.el9_8.noarch",
"product_id": "rsync-daemon-0:3.2.5-7.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-daemon@3.2.5-7.el9_8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"product": {
"name": "rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"product_id": "rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-rrsync@3.2.5-7.el9_8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-daemon-0:3.2.5-7.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch"
},
"product_reference": "rsync-daemon-0:3.2.5-7.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-rrsync-0:3.2.5-7.el9_8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch"
},
"product_reference": "rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.2.5-7.el9_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64"
},
"product_reference": "rsync-0:3.2.5-7.el9_8.aarch64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.2.5-7.el9_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le"
},
"product_reference": "rsync-0:3.2.5-7.el9_8.ppc64le",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.2.5-7.el9_8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x"
},
"product_reference": "rsync-0:3.2.5-7.el9_8.s390x",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.2.5-7.el9_8.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src"
},
"product_reference": "rsync-0:3.2.5-7.el9_8.src",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.2.5-7.el9_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64"
},
"product_reference": "rsync-0:3.2.5-7.el9_8.x86_64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64"
},
"product_reference": "rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le"
},
"product_reference": "rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x"
},
"product_reference": "rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.2.5-7.el9_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64"
},
"product_reference": "rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.2.5-7.el9_8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64"
},
"product_reference": "rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.2.5-7.el9_8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le"
},
"product_reference": "rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.2.5-7.el9_8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x"
},
"product_reference": "rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.2.5-7.el9_8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64"
},
"product_reference": "rsync-debugsource-0:3.2.5-7.el9_8.x86_64",
"relates_to_product_reference": "BaseOS-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jasiel Spelman",
"Simon Scannell",
"Pedro Gallegos"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12086",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2024-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330577"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: rsync server leaks arbitrary client files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as moderate rather than important because it requires the attacker to control the rsync server, which limits the scope of exploitation to scenarios where the client interacts with untrusted or compromised servers. Additionally, the attack is non-trivial, as it relies on the attacker sending specially crafted checksum values and deducing file contents byte-by-byte based on the client\u2019s responses. This makes the exploit more complex and time-consuming compared to direct file access vulnerabilities. Furthermore, the impact is limited to file data enumeration, and it does not allow arbitrary code execution or privilege escalation on the client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12086"
},
{
"category": "external",
"summary": "RHBZ#2330577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12086"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T22:14:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19368"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: rsync server leaks arbitrary client files"
},
{
"cve": "CVE-2026-41035",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2026-04-16T08:00:54.200357+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458898"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. When rsync is configured to handle extended attributes (using the -X or --xattrs option), a remote attacker can exploit a use-after-free vulnerability. This occurs because the receive_xattr function incorrectly processes an untrusted length value during a sorting operation, leading to memory corruption. Successful exploitation can result in a denial of service, causing the rsync process to crash, and may potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Rsync: Use-after-free vulnerability in extended attribute handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in rsync that allows a remote attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability is present when rsync is used with extended attributes enabled via the `-X` or `--xattrs` option, which is not a default configuration. Exploitation requires the victim to explicitly enable this feature.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41035"
},
{
"category": "external",
"summary": "RHBZ#2458898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458898"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41035"
},
{
"category": "external",
"summary": "https://github.com/RsyncProject/rsync/issues/871",
"url": "https://github.com/RsyncProject/rsync/issues/871"
},
{
"category": "external",
"summary": "https://github.com/RsyncProject/rsync/releases",
"url": "https://github.com/RsyncProject/rsync/releases"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2026/04/16/2",
"url": "https://www.openwall.com/lists/oss-security/2026/04/16/2"
}
],
"release_date": "2026-04-16T06:53:05.237000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-19T22:14:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:19368"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid using the -X or --xattrs options with rsync if extended attribute handling is not essential for your operations. Disabling these options prevents the vulnerable code path from being exercised. This may impact functionality that relies on extended attributes.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:rsync-daemon-0:3.2.5-7.el9_8.noarch",
"AppStream-9.8.0.Z.MAIN.EUS:rsync-rrsync-0:3.2.5-7.el9_8.noarch",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.src",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debuginfo-0:3.2.5-7.el9_8.x86_64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.aarch64",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.ppc64le",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.s390x",
"BaseOS-9.8.0.Z.MAIN.EUS:rsync-debugsource-0:3.2.5-7.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rsync: Rsync: Use-after-free vulnerability in extended attribute handling"
}
]
}
RHSA-2026:20603
Vulnerability from csaf_redhat - Published: 2026-05-26 05:39 - Updated: 2026-07-01 19:39A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64 | — |
Workaround
|
An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64 | — |
Workaround
|
A flaw was found in rsync. When rsync is configured to handle extended attributes (using the -X or --xattrs option), a remote attacker can exploit a use-after-free vulnerability. This occurs because the receive_xattr function incorrectly processes an untrusted length value during a sorting operation, leading to memory corruption. Successful exploitation can result in a denial of service, causing the rsync process to crash, and may potentially allow for arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64 | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x | — |
Workaround
|
|
| Unresolved product id: BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rsync is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.\n\nSecurity Fix(es):\n\n* rsync: rsync server leaks arbitrary client files (CVE-2024-12086)\n\n* rsync: Rsync: Out of bounds array access via negative index (CVE-2025-10158)\n\n* rsync: Rsync: Use-after-free vulnerability in extended attribute handling (CVE-2026-41035)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:20603",
"url": "https://access.redhat.com/errata/RHSA-2026:20603"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2330577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"category": "external",
"summary": "2415637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415637"
},
{
"category": "external",
"summary": "2458898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458898"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_20603.json"
}
],
"title": "Red Hat Security Advisory: rsync security update",
"tracking": {
"current_release_date": "2026-07-01T19:39:49+00:00",
"generator": {
"date": "2026-07-01T19:39:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:20603",
"initial_release_date": "2026-05-26T05:39:45+00:00",
"revision_history": [
{
"date": "2026-05-26T05:39:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-26T05:39:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:39:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"product": {
"name": "rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"product_id": "rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-daemon@3.2.5-3.el9_6.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"product": {
"name": "rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"product_id": "rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-rrsync@3.2.5-3.el9_6.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.2.5-3.el9_6.1.src",
"product": {
"name": "rsync-0:3.2.5-3.el9_6.1.src",
"product_id": "rsync-0:3.2.5-3.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.2.5-3.el9_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.2.5-3.el9_6.1.aarch64",
"product": {
"name": "rsync-0:3.2.5-3.el9_6.1.aarch64",
"product_id": "rsync-0:3.2.5-3.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.2.5-3.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"product": {
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"product_id": "rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.2.5-3.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"product": {
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"product_id": "rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.2.5-3.el9_6.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.2.5-3.el9_6.1.ppc64le",
"product": {
"name": "rsync-0:3.2.5-3.el9_6.1.ppc64le",
"product_id": "rsync-0:3.2.5-3.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.2.5-3.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"product": {
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"product_id": "rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.2.5-3.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"product": {
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"product_id": "rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.2.5-3.el9_6.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.2.5-3.el9_6.1.x86_64",
"product": {
"name": "rsync-0:3.2.5-3.el9_6.1.x86_64",
"product_id": "rsync-0:3.2.5-3.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.2.5-3.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64",
"product": {
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64",
"product_id": "rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.2.5-3.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"product": {
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"product_id": "rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.2.5-3.el9_6.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-0:3.2.5-3.el9_6.1.s390x",
"product": {
"name": "rsync-0:3.2.5-3.el9_6.1.s390x",
"product_id": "rsync-0:3.2.5-3.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync@3.2.5-3.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"product": {
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"product_id": "rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debugsource@3.2.5-3.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"product": {
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"product_id": "rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rsync-debuginfo@3.2.5-3.el9_6.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-daemon-0:3.2.5-3.el9_6.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch"
},
"product_reference": "rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-rrsync-0:3.2.5-3.el9_6.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch"
},
"product_reference": "rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.2.5-3.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64"
},
"product_reference": "rsync-0:3.2.5-3.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.2.5-3.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le"
},
"product_reference": "rsync-0:3.2.5-3.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.2.5-3.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x"
},
"product_reference": "rsync-0:3.2.5-3.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.2.5-3.el9_6.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src"
},
"product_reference": "rsync-0:3.2.5-3.el9_6.1.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-0:3.2.5-3.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64"
},
"product_reference": "rsync-0:3.2.5-3.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64"
},
"product_reference": "rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le"
},
"product_reference": "rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x"
},
"product_reference": "rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64"
},
"product_reference": "rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64"
},
"product_reference": "rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le"
},
"product_reference": "rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x"
},
"product_reference": "rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
},
"product_reference": "rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jasiel Spelman",
"Simon Scannell",
"Pedro Gallegos"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12086",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2024-12-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330577"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: rsync server leaks arbitrary client files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as moderate rather than important because it requires the attacker to control the rsync server, which limits the scope of exploitation to scenarios where the client interacts with untrusted or compromised servers. Additionally, the attack is non-trivial, as it relies on the attacker sending specially crafted checksum values and deducing file contents byte-by-byte based on the client\u2019s responses. This makes the exploit more complex and time-consuming compared to direct file access vulnerabilities. Furthermore, the impact is limited to file data enumeration, and it does not allow arbitrary code execution or privilege escalation on the client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64"
],
"known_not_affected": [
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12086"
},
{
"category": "external",
"summary": "RHBZ#2330577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12086"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T05:39:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20603"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: rsync server leaks arbitrary client files"
},
{
"cve": "CVE-2025-10158",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-18T15:01:12.887910+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415637"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Rsync: Out of bounds array access via negative index",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64"
],
"known_not_affected": [
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-10158"
},
{
"category": "external",
"summary": "RHBZ#2415637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415637"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-10158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10158"
},
{
"category": "external",
"summary": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1",
"url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
},
{
"category": "external",
"summary": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f",
"url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"
}
],
"release_date": "2025-11-18T14:24:19.210000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T05:39:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20603"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: Rsync: Out of bounds array access via negative index"
},
{
"cve": "CVE-2026-41035",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2026-04-16T08:00:54.200357+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458898"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. When rsync is configured to handle extended attributes (using the -X or --xattrs option), a remote attacker can exploit a use-after-free vulnerability. This occurs because the receive_xattr function incorrectly processes an untrusted length value during a sorting operation, leading to memory corruption. Successful exploitation can result in a denial of service, causing the rsync process to crash, and may potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Rsync: Use-after-free vulnerability in extended attribute handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in rsync that allows a remote attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability is present when rsync is used with extended attributes enabled via the `-X` or `--xattrs` option, which is not a default configuration. Exploitation requires the victim to explicitly enable this feature.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64"
],
"known_not_affected": [
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41035"
},
{
"category": "external",
"summary": "RHBZ#2458898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458898"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41035"
},
{
"category": "external",
"summary": "https://github.com/RsyncProject/rsync/issues/871",
"url": "https://github.com/RsyncProject/rsync/issues/871"
},
{
"category": "external",
"summary": "https://github.com/RsyncProject/rsync/releases",
"url": "https://github.com/RsyncProject/rsync/releases"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2026/04/16/2",
"url": "https://www.openwall.com/lists/oss-security/2026/04/16/2"
}
],
"release_date": "2026-04-16T06:53:05.237000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-26T05:39:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:20603"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid using the -X or --xattrs options with rsync if extended attribute handling is not essential for your operations. Disabling these options prevents the vulnerable code path from being exercised. This may impact functionality that relies on extended attributes.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:rsync-daemon-0:3.2.5-3.el9_6.1.noarch",
"AppStream-9.6.0.Z.EUS:rsync-rrsync-0:3.2.5-3.el9_6.1.noarch",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:rsync-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debuginfo-0:3.2.5-3.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:rsync-debugsource-0:3.2.5-3.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rsync: Rsync: Use-after-free vulnerability in extended attribute handling"
}
]
}
RHSA-2026:29197
Vulnerability from csaf_redhat - Published: 2026-06-24 16:29 - Updated: 2026-07-05 14:33A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.
CWE-179 - Incorrect Behavior Order: Early Validation| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.
CWE-208 - Observable Timing Discrepancy| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
A flaw was found in OpenSSL. A signed integer overflow vulnerability exists when sizing the destination buffer for Unicode output. This can lead to a heap buffer overflow, which may result in a crash or potentially allow an attacker to execute arbitrary code. Exploitation requires an application to directly call specific functions with a large amount of attacker-controlled input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax (CMS) data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key (KEK) cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leading to a Denial of Service (DoS). This vulnerability does not require password knowledge and can be exploited before authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open(), redirecting reads (basis-file disclosure) and writes (file overwrite) outside the module. Under elevated daemon privilege this allows privilege escalation. Default "use chroot = yes" is not exposed. Reach: local attacker on the daemon host, write access to a module path, daemon configured with use chroot = no.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. An integer truncation vulnerability in the ASN.1 decoder can occur when processing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes. A remote attacker could exploit this to cause a heap buffer over-read. This may lead to an application crash, resulting in a Denial of Service (DoS), or potentially disclose sensitive information by loading memory contents beyond the input buffer. This issue primarily affects 64-bit Unix and Unix-like platforms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS#12 (Public-Key Cryptography Standards #12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting attacker-controlled certificates and private keys with a 1 in 256 probability, potentially enabling impersonation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL's Cryptographic Message Services (CMS) AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity validation. Consequently, an attacker may achieve key-equivalent functionality for a given CMS recipient.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL's QUIC PATH_CHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATH_CHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates PATH_RESPONSE frames without them being acknowledged. The primary consequence is a Denial of Service (DoS), causing the affected application to terminate abnormally due to memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in rsync. When rsync is configured to handle extended attributes (using the -X or --xattrs option), a remote attacker can exploit a use-after-free vulnerability. This occurs because the receive_xattr function incorrectly processes an untrusted length value during a sorting operation, leading to memory corruption. Successful exploitation can result in a denial of service, causing the rsync process to crash, and may potentially allow for arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
A flaw was found in the OpenSSL QUIC (Quick UDP Internet Connections) server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server's address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server process to terminate abnormally and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax (CMS) decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional, is dereferenced without proper validation. Successful exploitation leads to an application crash, resulting in a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol (CMP) server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format (CRMF) CertRepMessage with a specific malformed EncryptedValue structure, would trigger a NULL pointer dereference in the OpenSSL CMP client. This vulnerability leads to a crash of the application, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL's CMS_decrypt() and PKCS7_decrypt() functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME messages and observe the application's error codes or decryption output. While the attack is technically possible, the specific conditions required make it unlikely to be exploited in typical deployments.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability allows the attacker to replace the root CA certificate for CMP clients with a fraudulent one. The primary consequence is an escalation of privileges, enabling the attacker to gain control equivalent to the root CA.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX (X9.42) peer key. Due to improper validation of the peer key's subgroup membership, an attacker can recover the victim's private key after a small number of key exchange attempts. This information disclosure can lead to unauthorized access or further compromise of affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in rsync. An authenticated daemon peer can exploit an integer overflow vulnerability in the compressed-token decoder. By carefully manipulating the compressed-token, a malicious sender can trigger an overflow, leading to remote memory disclosure. This allows an attacker to leak sensitive process memory contents, including environment variables, passwords, and memory pointers, which significantly weakens Address Space Layout Randomization (ASLR) and can facilitate further exploitation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface (EVP_Cipher()) will have their provided Initialization Vector (IV) silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the confidentiality of encrypted data. Additionally, this issue allows for the universal forgery of authentication tags, undermining the integrity of communications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. The implementations of AES-SIV (Advanced Encryption Standard - SIV) and AES-GCM-SIV (Advanced Encryption Standard - Galois/Counter Mode - SIV) incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages with arbitrary Additional Authenticated Data (AAD) in applications that utilize these specific cipher modes within custom protocols and do not properly handle zero-length ciphertexts. This could lead to unauthorized data manipulation.
CWE-347 - Improper Verification of Cryptographic Signature| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. When processing a specially crafted PKCS#7 or S/MIME (Secure/Multipurpose Internet Mail Extensions) signed message, a heap use-after-free vulnerability in the PKCS7_verify() function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, leading to incorrect memory deallocation. A remote attacker could exploit this to cause application crashes, memory corruption, or potentially achieve remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29197",
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12086",
"url": "https://access.redhat.com/security/cve/CVE-2024-12086"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14087",
"url": "https://access.redhat.com/security/cve/CVE-2025-14087"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14512",
"url": "https://access.redhat.com/security/cve/CVE-2025-14512"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28390",
"url": "https://access.redhat.com/security/cve/CVE-2026-28390"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29518",
"url": "https://access.redhat.com/security/cve/CVE-2026-29518"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33845",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33846",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34180",
"url": "https://access.redhat.com/security/cve/CVE-2026-34180"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34181",
"url": "https://access.redhat.com/security/cve/CVE-2026-34181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34182",
"url": "https://access.redhat.com/security/cve/CVE-2026-34182"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34183",
"url": "https://access.redhat.com/security/cve/CVE-2026-34183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3832",
"url": "https://access.redhat.com/security/cve/CVE-2026-3832"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3833",
"url": "https://access.redhat.com/security/cve/CVE-2026-3833"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40355",
"url": "https://access.redhat.com/security/cve/CVE-2026-40355"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40356",
"url": "https://access.redhat.com/security/cve/CVE-2026-40356"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4046",
"url": "https://access.redhat.com/security/cve/CVE-2026-4046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41035",
"url": "https://access.redhat.com/security/cve/CVE-2026-41035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42009",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42010",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42011",
"url": "https://access.redhat.com/security/cve/CVE-2026-42011"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42012",
"url": "https://access.redhat.com/security/cve/CVE-2026-42012"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42013",
"url": "https://access.redhat.com/security/cve/CVE-2026-42013"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42014",
"url": "https://access.redhat.com/security/cve/CVE-2026-42014"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42015",
"url": "https://access.redhat.com/security/cve/CVE-2026-42015"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42764",
"url": "https://access.redhat.com/security/cve/CVE-2026-42764"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42766",
"url": "https://access.redhat.com/security/cve/CVE-2026-42766"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42767",
"url": "https://access.redhat.com/security/cve/CVE-2026-42767"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42768",
"url": "https://access.redhat.com/security/cve/CVE-2026-42768"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42769",
"url": "https://access.redhat.com/security/cve/CVE-2026-42769"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42770",
"url": "https://access.redhat.com/security/cve/CVE-2026-42770"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43618",
"url": "https://access.redhat.com/security/cve/CVE-2026-43618"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4437",
"url": "https://access.redhat.com/security/cve/CVE-2026-4437"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4438",
"url": "https://access.redhat.com/security/cve/CVE-2026-4438"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45186",
"url": "https://access.redhat.com/security/cve/CVE-2026-45186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45445",
"url": "https://access.redhat.com/security/cve/CVE-2026-45445"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45446",
"url": "https://access.redhat.com/security/cve/CVE-2026-45446"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45447",
"url": "https://access.redhat.com/security/cve/CVE-2026-45447"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45736",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4878",
"url": "https://access.redhat.com/security/cve/CVE-2026-4878"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-5260",
"url": "https://access.redhat.com/security/cve/CVE-2026-5260"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-5419",
"url": "https://access.redhat.com/security/cve/CVE-2026-5419"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-7383",
"url": "https://access.redhat.com/security/cve/CVE-2026-7383"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9076",
"url": "https://access.redhat.com/security/cve/CVE-2026-9076"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29197.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-07-05T14:33:31+00:00",
"generator": {
"date": "2026-07-05T14:33:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:29197",
"initial_release_date": "2026-06-24T16:29:56+00:00",
"revision_history": [
{
"date": "2026-06-24T16:29:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-24T16:30:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-05T14:33:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1782159791"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1782166952"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Accd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1782159791"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1782166952"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jasiel Spelman",
"Simon Scannell",
"Pedro Gallegos"
],
"organization": "Google"
}
],
"cve": "CVE-2024-12086",
"cwe": {
"id": "CWE-390",
"name": "Detection of Error Condition Without Action"
},
"discovery_date": "2024-12-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330577"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: rsync server leaks arbitrary client files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as moderate rather than important because it requires the attacker to control the rsync server, which limits the scope of exploitation to scenarios where the client interacts with untrusted or compromised servers. Additionally, the attack is non-trivial, as it relies on the attacker sending specially crafted checksum values and deducing file contents byte-by-byte based on the client\u2019s responses. This makes the exploit more complex and time-consuming compared to direct file access vulnerabilities. Furthermore, the impact is limited to file data enumeration, and it does not allow arbitrary code execution or privilege escalation on the client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12086"
},
{
"category": "external",
"summary": "RHBZ#2330577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12086"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/952657",
"url": "https://kb.cert.org/vuls/id/952657"
}
],
"release_date": "2025-01-14T15:06:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rsync: rsync server leaks arbitrary client files"
},
{
"acknowledgments": [
{
"names": [
"Sovereign Tech Resilience program"
],
"organization": "Sovereign Tech Agency"
},
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2025-14087",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-12-05T08:35:24.744000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419093"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: GLib: Buffer underflow in GVariant parser leads to heap corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The highest threat is to system availability due to potential application crashes when processing maliciously crafted input strings through GLib\u0027s GVariant parser. This issue affects applications that utilize g_variant_parse() on untrusted data, leading to memory corruption and possible denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14087"
},
{
"category": "external",
"summary": "RHBZ#2419093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419093"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3834",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3834"
}
],
"release_date": "2025-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glib: GLib: Buffer underflow in GVariant parser leads to heap corruption"
},
{
"acknowledgments": [
{
"names": [
"Codean Labs"
]
}
],
"cve": "CVE-2025-14512",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-12-11T06:22:59.701000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2421339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib\u0027s GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products because an integer overflow in GLib\u0027s GIO `escape_byte_string()` function can lead to a heap buffer overflow and denial-of-service. This occurs when processing specially crafted file or remote filesystem attribute values, requiring an attacker to provide malicious input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14512"
},
{
"category": "external",
"summary": "RHBZ#2421339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3845",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3845"
}
],
"release_date": "2025-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow"
},
{
"cve": "CVE-2026-3832",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2026-03-09T13:41:32.810000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445762"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue has a LOW impact. A flaw in gnutls\u0027 OCSP stapling implementation allows a client with OCSP verification enabled to accept a revoked server certificate. This occurs when a multi-record OCSP response is stapled, and the client incorrectly reads the certificate status from an unrelated record, leading to an order-dependent acceptance of a revoked certificate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3832"
},
{
"category": "external",
"summary": "RHBZ#2445762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3832",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3832"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3832",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3832"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1801",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1801"
}
],
"release_date": "2026-04-30T17:29:25.738000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response"
},
{
"cve": "CVE-2026-3833",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"discovery_date": "2026-03-09T14:02:09.783000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445763"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is particularly important because it affects the correct enforcement of X.509 nameConstraints, which are specifically designed to limit the authority of subordinate CAs. In GnuTLS, the use of case-sensitive comparisons (memcmp) for dNSName and the domain portion of rfc822Name violates the case-insensitive matching requirements defined in RFC 5280 and RFC 4343. As a result, a constrained subordinate CA can bypass excludedSubtrees or permittedSubtrees restrictions simply by changing the letter casing of a domain in the SAN (e.g., ExAmPlE.CoM vs example.com). Since nameConstraints are often the only mechanism enforcing domain boundaries in delegated PKI hierarchies, this flaw effectively allows a malicious or compromised sub-CA to issue certificates for domains that should be cryptographically prohibited, enabling unauthorized certificate validation and potential TLS impersonation of restricted services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3833"
},
{
"category": "external",
"summary": "RHBZ#2445763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445763"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3833"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1803",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1803"
}
],
"release_date": "2026-04-30T17:26:28.969000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison"
},
{
"cve": "CVE-2026-4046",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2026-03-30T18:01:19.326391+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453117"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc, the GNU C Library. A remote attacker could exploit this vulnerability by providing specially crafted inputs using the IBM1390 or IBM1399 character sets to the `iconv()` function. This could lead to an assertion failure, causing the application to crash and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Denial of Service via iconv() function with specific character sets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability impact posed by this flaw is limited on Red Hat systems. The affected iconv() function has been separated out into a an independent package (`glibc-gconv-extra`) and is not used in system critical software. Some applications do rely on this package and may be affected, but they are either interactive applications or are configured to restart in the event of a crash.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4046"
},
{
"category": "external",
"summary": "RHBZ#2453117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453117"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4046",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4046"
},
{
"category": "external",
"summary": "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/",
"url": "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33980"
},
{
"category": "external",
"summary": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD",
"url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD"
}
],
"release_date": "2026-03-30T17:16:11.021000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Denial of Service via iconv() function with specific character sets"
},
{
"cve": "CVE-2026-4437",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-20T21:01:45.993907+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc (the GNU C Library). When an application uses the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend, a remote attacker can send a specially crafted DNS (Domain Name System) response. This crafted response can cause the application to incorrectly interpret a non-answer section of the DNS response as a valid answer, leading to potential misbehavior or incorrect information processing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact flaw in glibc allows a remote attacker to send a specially crafted DNS response when an application uses `gethostbyaddr` or `gethostbyaddr_r` with glibc\u0027s DNS backend configured in `nsswitch.conf`. This can lead to incorrect interpretation of DNS responses. Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as OpenShift Container Platform, are affected if applications are configured to use the vulnerable DNS backend.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4437"
},
{
"category": "external",
"summary": "RHBZ#2449777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4437",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4437"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34014"
}
],
"release_date": "2026-03-20T19:59:00.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response"
},
{
"cve": "CVE-2026-4438",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2026-03-20T21:02:16.458842+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449783"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the GNU C library (glibc). When applications use the `gethostbyaddr` or `gethostbyaddr_r` functions with a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to applications receiving incorrect hostname information, potentially impacting network operations or security decisions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a LOW impact flaw where glibc\u0027s `gethostbyaddr` and `gethostbyaddr_r` functions may return an invalid DNS hostname. This occurs when applications use a `nsswitch.conf` configuration that specifies glibc\u0027s DNS backend. This could lead to applications receiving incorrect hostname information, potentially affecting network operations or security decisions on Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4438"
},
{
"category": "external",
"summary": "RHBZ#2449783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4438",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4438"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34015"
}
],
"release_date": "2026-03-20T19:59:06.064000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions"
},
{
"acknowledgments": [
{
"names": [
"Ali Raza"
]
}
],
"cve": "CVE-2026-4878",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-03-26T06:56:21.213270+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. A Time-of-Check-to-Time-of-Use (TOCTOU) race condition in libcap\u0027s cap_set_file() allows a local unprivileged user to escalate privileges. An attacker with write access to a parent directory can exploit a narrow window during file capability updates to redirect capabilities to an attacker-controlled file. This can lead to the injection of elevated privileges into an unintended executable when privileged processes, such as setcap or container tooling, invoke cap_set_file() on attacker-influenced paths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4878"
},
{
"category": "external",
"summary": "RHBZ#2451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878"
},
{
"category": "external",
"summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447554"
}
],
"release_date": "2026-04-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-5260",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2026-05-06T19:50:31.302000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Information disclosure via heap overread in RSA key exchange",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5260"
},
{
"category": "external",
"summary": "RHBZ#2467450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5260",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5260"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5260",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5260"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Information disclosure via heap overread in RSA key exchange"
},
{
"acknowledgments": [
{
"names": [
"Doria Tang"
],
"organization": "Stony Brook University"
}
],
"cve": "CVE-2026-5419",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2026-05-07T11:02:44.331000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467686"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5419"
},
{
"category": "external",
"summary": "RHBZ#2467686",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467686"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5419"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5419",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5419"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal"
},
{
"cve": "CVE-2026-6322",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-05-05T11:01:00.332189+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the `fast-uri` library allows an attacker to bypass security controls in Red Hat products that process Uniform Resource Identifiers (URIs). By crafting a malicious URI with percent-encoded authority delimiters, an attacker can cause the library to incorrectly interpret the URI\u0027s authority, potentially redirecting applications to an unintended domain. This could lead to a bypass of host allowlist checks, redirect validation, or outbound request routing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "RHBZ#2466684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
}
],
"release_date": "2026-05-05T10:29:16.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
},
{
"cve": "CVE-2026-7383",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-27T13:08:15.013000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481879"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A signed integer overflow vulnerability exists when sizing the destination buffer for Unicode output. This can lead to a heap buffer overflow, which may result in a crash or potentially allow an attacker to execute arbitrary code. Exploitation requires an application to directly call specific functions with a large amount of attacker-controlled input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low impact. This flaw in OpenSSL\u0027s ASN1_mbstring_ncopy() function, leading to a heap buffer overflow, is difficult to exploit in typical Red Hat environments. Exploitation requires an application to directly call the vulnerable function with an extremely large, attacker-controlled input (over half a gigabyte), a scenario not present in standard OpenSSL certificate or network protocol handling.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-7383"
},
{
"category": "external",
"summary": "RHBZ#2481879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481879"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-7383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-7383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7383"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing"
},
{
"cve": "CVE-2026-9076",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-05-27T13:10:14.368000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax (CMS) data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key (KEK) cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leading to a Denial of Service (DoS). This vulnerability does not require password knowledge and can be exploited before authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Low impact denial of service due to a heap out-of-bounds read in `kek_unwrap_key()` when processing attacker-supplied CMS data with an attacker-chosen stream-mode KEK cipher. This flaw requires specific memory conditions (input buffer ending at a page boundary with an unmapped following page) to trigger a crash, which is uncommon in typical Red Hat environments. No information disclosure is possible, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9076"
},
{
"category": "external",
"summary": "RHBZ#2481880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9076"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-28390",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-04-07T23:01:18.313921+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456314"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been rated as moderate by redhat because the vulnerability is limited to a denial-of-service condition caused by a NULL pointer dereference in OpenSSL CMS processing, without evidence of memory corruption or code execution, furthermore the Affected functionality is niche. The vulnerable path requires:\nCMS/S/MIME processing,\nspecifically CMS_decrypt(),\nwith RSA-OAEP KeyTransportRecipientInfo.\nMany OpenSSL consumers never use CMS APIs, never process S/MIME,\nor do not decrypt attacker-controlled CMS objects.\nSo exposure is far narrower than a generic TLS parsing vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28390"
},
{
"category": "external",
"summary": "RHBZ#2456314",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456314"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28390"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc",
"url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6",
"url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4",
"url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788",
"url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
},
{
"category": "external",
"summary": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75",
"url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T22:00:54.172000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Applications that process Cryptographic Message Syntax (CMS) EnvelopedData messages should be configured to only accept input from trusted sources. Restricting network access to services that process untrusted CMS data can also reduce exposure to this Denial of Service vulnerability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing"
},
{
"cve": "CVE-2026-29518",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-05-11T13:09:31.417000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2469055"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. An rsync daemon configured with \"use chroot = no\" is exposed\nto a time-of-check / time-of-use race on parent path components. A local\nattacker with write access to a module can replace a parent directory\ncomponent with a symlink between the receiver\u0027s check and its open(),\nredirecting reads (basis-file disclosure) and writes (file overwrite)\noutside the module. Under elevated daemon privilege this allows privilege\nescalation. Default \"use chroot = yes\" is not exposed.\nReach: local attacker on the daemon host, write access to a module path,\ndaemon configured with use chroot = no.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw, a Time-of-Check Time-of-Use (TOCTOU) race condition, allows a local attacker with write access to an rsync module path to achieve privilege escalation. This vulnerability specifically impacts rsync daemons configured with `use chroot = no`. Red Hat\u0027s default rsync daemon configuration utilizes `use chroot = yes`, which is not susceptible to this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29518"
},
{
"category": "external",
"summary": "RHBZ#2469055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469055"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29518"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29518",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29518"
}
],
"release_date": "2026-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "To prevent exploitation, ensure the rsync daemon is configured with `use chroot = yes`. This setting, which is the default, isolates the rsync process and prevents the symlink race condition. If `use chroot = no` is present in the rsync configuration (e.g., `/etc/rsyncd.conf`), it must be changed to `use chroot = yes`. A restart of the rsync service is required for any configuration changes to take effect.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot."
},
{
"cve": "CVE-2026-33845",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-03-24T05:35:59.740000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue marked as Important severity due to its remote, pre-authentication reachability and its impact on a critical DTLS handshake parsing path. The vulnerability can be triggered by an unauthenticated attacker sending crafted DTLS handshake fragments, requiring no prior access or interaction. It leads to an out-of-bounds read caused by an integer underflow in fragment reassembly, operating entirely on attacker-controlled input. Such flaws in low-level protocol parsing are particularly serious, as they may result in disclosure of sensitive process memory, including cryptographic or session-related data, and can also cause reliable application crashes leading to denial of service. Given that DTLS is commonly used in network-facing services such as VPNs and real-time communication systems, the exposure surface is broad. The combination of unauthenticated remote exploitation, memory safety violation, and potential confidentiality and availability impact justifies classifying this issue as high severity rather than moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"category": "external",
"summary": "RHBZ#2450624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
}
],
"release_date": "2026-04-30T17:28:41.473000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment"
},
{
"cve": "CVE-2026-33846",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-03-24T05:38:09.899000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450625"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability should be classified as an important flaw rather than moderate because it exposes a pre-authentication, remotely reachable heap buffer overflow in the DTLS handshake processing path, which is part of the core protocol handling logic and commonly exposed in network-facing services. The flaw enables an attacker to inject controlled data at attacker-chosen offsets and sizes beyond allocated heap boundaries by exploiting inconsistent message_length handling across fragments, effectively creating a constrained but meaningful heap write primitive. Unlike benign memory safety bugs, this condition is deterministically triggerable with a small number of crafted packets and no environmental dependencies for denial-of-service, and it targets a long-lived parsing state where memory corruption can affect adjacent heap structures. Even if reliable code execution requires additional heap manipulation or layout knowledge, the combination of remote reachability, lack of authentication, controlled memory corruption capability, and trivial crashability significantly elevates the risk profile beyond moderate severity. In real-world deployments, such primitives are often sufficient to enable heap grooming and exploitation chains, particularly in services that repeatedly process attacker-controlled input, making this a materially important security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33846"
},
{
"category": "external",
"summary": "RHBZ#2450625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33846"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33846"
}
],
"release_date": "2026-05-04T08:53:59.249000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly"
},
{
"cve": "CVE-2026-34180",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-27T13:10:51.985000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481881"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. An integer truncation vulnerability in the ASN.1 decoder can occur when processing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes. A remote attacker could exploit this to cause a heap buffer over-read. This may lead to an application crash, resulting in a Denial of Service (DoS), or potentially disclose sensitive information by loading memory contents beyond the input buffer. This issue primarily affects 64-bit Unix and Unix-like platforms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact vulnerability in OpenSSL\u0027s ASN.1 decoder affects 64-bit Unix-like platforms, where processing a crafted DER-encoded ASN.1 structure exceeding 2 gigabytes can lead to a heap buffer over-read. This may result in application crashes (Denial of Service) or unintended memory exposure. Red Hat products are only affected if they process untrusted, excessively large ASN.1 input using OpenSSL\u0027s d2i_* decoding functions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34180"
},
{
"category": "external",
"summary": "RHBZ#2481881",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481881"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34180"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure."
},
{
"cve": "CVE-2026-34181",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481882"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS#12 (Public-Key Cryptography Standards #12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting attacker-controlled certificates and private keys with a 1 in 256 probability, potentially enabling impersonation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: This flaw allows an attacker to forge PKCS#12 files with a 1 in 256 probability, leading to the acceptance of attacker-controlled certificates and private keys by services configured to use PBMAC1 authentication. Red Hat products utilizing OpenSSL versions 3.0, 1.1.1, or 1.0.2 are not affected, as these versions do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34181"
},
{
"category": "external",
"summary": "RHBZ#2481882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34181",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34181"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict validation on all uploaded PKCS#12 files to reject those containing abnormally short security keys. Additionally, enabling FIPS mode on your system can help protect your environment, as the vulnerable OpenSSL code operates entirely outside the approved FIPS cryptographic boundary.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys"
},
{
"cve": "CVE-2026-34182",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-05-27T13:59:43+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL\u0027s Cryptographic Message Services (CMS) AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity validation. Consequently, an attacker may achieve key-equivalent functionality for a given CMS recipient.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate: This flaw in OpenSSL\u0027s Cryptographic Message Services (CMS) AuthEnvelopedData processing could allow an on-path attacker to forge messages or bypass integrity validation. This is due to insufficient input validation on cipher and tag length fields, potentially leading to key-equivalent functionality or integrity bypass in applications utilizing affected OpenSSL versions for CMS AuthEnvelopedData.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34182"
},
{
"category": "external",
"summary": "RHBZ#2481884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34182"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Systems configured to operate in FIPS mode are not affected by this vulnerability. To mitigate this issue, ensure that OpenSSL is operating in FIPS mode by enabling the system-wide FIPS policy. This may have broader implications for cryptographic operations on the system and should be evaluated for compatibility with existing applications. A system reboot may be required for the changes to take effect.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages"
},
{
"cve": "CVE-2026-34183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-27T14:04:59+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481885"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL\u0027s QUIC PATH_CHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATH_CHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates PATH_RESPONSE frames without them being acknowledged. The primary consequence is a Denial of Service (DoS), causing the affected application to terminate abnormally due to memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Moderate severity flaw exists in the QUIC PATH_CHALLENGE handler, allowing a remote attacker to exhaust heap memory of a QUIC client or server. By flooding the local QUIC stack with PATH_CHALLENGE frames, a malicious peer can trigger unbounded memory allocation, leading to a denial of service for applications utilizing the vulnerable QUIC implementation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34183"
},
{
"category": "external",
"summary": "RHBZ#2481885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481885"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34183",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34183"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, apply UDP rate limiting at your network edge to throttle malicious traffic. If QUIC is not strictly required, disable the listener entirely and configure your application to use standard TLS over TCP. Additionally, enforce strict process memory limits using cgroups to prevent host-wide memory exhaustion during an attack.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler"
},
{
"cve": "CVE-2026-40355",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-04-28T07:01:45.120520+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate: This flaw allows an unauthenticated remote attacker to cause a Denial of Service in MIT Kerberos 5 by triggering a NULL pointer dereference. Exploitation requires the NegoEx mechanism to be explicitly registered in the system\u0027s GSSAPI configuration, which is not a default state in all Red Hat environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40355"
},
{
"category": "external",
"summary": "RHBZ#2463370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40355",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40355"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40355"
},
{
"category": "external",
"summary": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
"url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
},
{
"category": "external",
"summary": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
"url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
},
{
"category": "external",
"summary": "https://web.mit.edu/kerberos/advisories/",
"url": "https://web.mit.edu/kerberos/advisories/"
}
],
"release_date": "2026-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "To mitigate this issue, remove the NegoEx mechanism registration from the system\u0027s GSSAPI configuration if it is not required. This can typically be achieved by removing or commenting out the relevant entry in `/etc/gss/mech`. A restart of services utilizing Kerberos might be necessary for the changes to take effect, which could impact Kerberos-dependent functionality.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism"
},
{
"cve": "CVE-2026-40356",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"discovery_date": "2026-04-28T07:01:37.543641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact denial of service flaw in MIT Kerberos 5 (krb5) allows an unauthenticated remote attacker to trigger an integer underflow and out-of-bounds read. This vulnerability, which can lead to process termination, specifically affects systems where the NegoEx mechanism is registered and `gss_accept_sec_context()` is called. While Kerberos is a fundamental service, the prerequisite of a registered NegoEx mechanism limits the attack surface.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40356"
},
{
"category": "external",
"summary": "RHBZ#2463368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40356",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40356"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40356"
},
{
"category": "external",
"summary": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html",
"url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"
},
{
"category": "external",
"summary": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f",
"url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"
},
{
"category": "external",
"summary": "https://web.mit.edu/kerberos/advisories/",
"url": "https://web.mit.edu/kerberos/advisories/"
}
],
"release_date": "2026-04-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the NegoEx mechanism is not registered in the `/etc/gss/mech` configuration file. Removing the corresponding entry from this file will prevent the vulnerable code path from being activated. This action may impact services that rely on the NegoEx GSS-API mechanism. A restart of affected Kerberos-dependent services may be required for the change to take effect.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read"
},
{
"cve": "CVE-2026-41035",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2026-04-16T08:00:54.200357+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458898"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. When rsync is configured to handle extended attributes (using the -X or --xattrs option), a remote attacker can exploit a use-after-free vulnerability. This occurs because the receive_xattr function incorrectly processes an untrusted length value during a sorting operation, leading to memory corruption. Successful exploitation can result in a denial of service, causing the rsync process to crash, and may potentially allow for arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: Rsync: Use-after-free vulnerability in extended attribute handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in rsync that allows a remote attacker to cause a denial of service or potentially execute arbitrary code. The vulnerability is present when rsync is used with extended attributes enabled via the `-X` or `--xattrs` option, which is not a default configuration. Exploitation requires the victim to explicitly enable this feature.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41035"
},
{
"category": "external",
"summary": "RHBZ#2458898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458898"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41035"
},
{
"category": "external",
"summary": "https://github.com/RsyncProject/rsync/issues/871",
"url": "https://github.com/RsyncProject/rsync/issues/871"
},
{
"category": "external",
"summary": "https://github.com/RsyncProject/rsync/releases",
"url": "https://github.com/RsyncProject/rsync/releases"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2026/04/16/2",
"url": "https://www.openwall.com/lists/oss-security/2026/04/16/2"
}
],
"release_date": "2026-04-16T06:53:05.237000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid using the -X or --xattrs options with rsync if extended attribute handling is not essential for your operations. Disabling these options prevents the vulnerable code path from being exercised. This may impact functionality that relies on extended attributes.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rsync: Rsync: Use-after-free vulnerability in extended attribute handling"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42009",
"cwe": {
"id": "CWE-475",
"name": "Undefined Behavior for Input to API"
},
"discovery_date": "2026-05-06T16:32:32.382000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467279"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact for this flaw has been downgraded on Red Hat Enterprise Linux due to the following reason:\n\n- The number of elements passed to the vulnerable function at runtime is known and is at most 6 and the element size is sufficiently small. glibc\u2019s qsort implementation will not exercise the quick sort code path, which would otherwise cause an infloop or out-of-bound write.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"category": "external",
"summary": "RHBZ#2467279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42009"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42010",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-05-06T16:57:37.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467289"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest\u2013Shamir\u2013Adleman \u2013 Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Authentication Bypass via NUL Character in Username",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42010"
},
{
"category": "external",
"summary": "RHBZ#2467289",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467289"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42010"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gnutls: gnutls: Authentication Bypass via NUL Character in Username"
},
{
"acknowledgments": [
{
"names": [
"Haruto Kimura"
],
"organization": "Stella"
}
],
"cve": "CVE-2026-42011",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-06T19:06:25.319000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Security bypass due to incorrect name constraint handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42011"
},
{
"category": "external",
"summary": "RHBZ#2467437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42011"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42011",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42011"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Security bypass due to incorrect name constraint handling"
},
{
"acknowledgments": [
{
"names": [
"Oleh Konko"
],
"organization": "1Seal"
}
],
"cve": "CVE-2026-42012",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-06T19:16:02.753000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467441"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42012"
},
{
"category": "external",
"summary": "RHBZ#2467441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42012",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42012"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42012",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42012"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs"
},
{
"acknowledgments": [
{
"names": [
"Haruto Kimura"
],
"organization": "Stella"
},
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42013",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-06T19:47:00.134000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467448"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42013"
},
{
"category": "external",
"summary": "RHBZ#2467448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467448"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42013"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42013",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42013"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name"
},
{
"acknowledgments": [
{
"names": [
"Luigino Camastra"
]
},
{
"names": [
"Joshua Rogers"
],
"organization": "AISLE Research Team"
}
],
"cve": "CVE-2026-42014",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-05-06T19:51:54.069000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42014"
},
{
"category": "external",
"summary": "RHBZ#2467451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42014",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42014"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42014",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42014"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/gnutls/-/issues/1766",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1766"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin"
},
{
"acknowledgments": [
{
"names": [
"Zou Dikai"
]
}
],
"cve": "CVE-2026-42015",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2026-05-07T10:50:28.379000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467678"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42015"
},
{
"category": "external",
"summary": "RHBZ#2467678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42015"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42015",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42015"
},
{
"category": "external",
"summary": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11"
}
],
"release_date": "2026-04-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling"
},
{
"cve": "CVE-2026-42764",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-27T14:08:07+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481887"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL QUIC (Quick UDP Internet Connections) server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server\u0027s address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server process to terminate abnormally and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: NULL pointer dereference in QUIC server initial packet handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Moderate severity issue. A NULL pointer dereference can occur in the OpenSSL QUIC server when processing initial packets with invalid tokens, leading to a denial of service. This vulnerability is only exploitable if the client address validation is explicitly disabled using the `SSL_LISTENER_FLAG_NO_VALIDATE` flag, which is not the default configuration for OpenSSL QUIC servers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42764"
},
{
"category": "external",
"summary": "RHBZ#2481887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481887"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42764",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42764"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42764",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42764"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the OpenSSL QUIC server has client address validation enabled. This is the default configuration. If the `SSL_LISTENER_FLAG_NO_VALIDATE` flag is being used with the `SSL_new_listener()` call, it should be removed to prevent the vulnerability from being exploitable.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: NULL pointer dereference in QUIC server initial packet handling"
},
{
"cve": "CVE-2026-42766",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax (CMS) decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional, is dereferenced without proper validation. Successful exploitation leads to an application crash, resulting in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Possible NULL Dereference in Password-Based CMS Decryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated as Low impact. A NULL pointer dereference in OpenSSL\u0027s CMS decryption can be triggered by a specially crafted password-encrypted CMS message, leading to an Red Hat application crash and Denial of Service. This affects applications that perform password-based CMS decryption.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42766"
},
{
"category": "external",
"summary": "RHBZ#2481890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42766",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42766"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42766",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42766"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Possible NULL Dereference in Password-Based CMS Decryption"
},
{
"cve": "CVE-2026-42767",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol (CMP) server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format (CRMF) CertRepMessage with a specific malformed EncryptedValue structure, would trigger a NULL pointer dereference in the OpenSSL CMP client. This vulnerability leads to a crash of the application, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Low severity issue. A null pointer dereference flaw in the OpenSSL Certificate Management Protocol (CMP) client could be triggered by an attacker-controlled CMP server. This could lead to a denial of service in applications that process untrusted CMP/CRMF messages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42767"
},
{
"category": "external",
"summary": "RHBZ#2481891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42767",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42767"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42767",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42767"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that OpenSSL CMP client applications only communicate with trusted Certificate Management Protocol (CMP) servers. If CMP client functionality is not required, consider disabling or restricting its use to reduce exposure.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption"
},
{
"cve": "CVE-2026-42768",
"cwe": {
"id": "CWE-205",
"name": "Observable Behavioral Discrepancy"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481892"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL\u0027s CMS_decrypt() and PKCS7_decrypt() functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim\u0027s private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME messages and observe the application\u0027s error codes or decryption output. While the attack is technically possible, the specific conditions required make it unlikely to be exploited in typical deployments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low severity vulnerability in OpenSSL\u0027s CMS_decrypt() and PKCS7_decrypt() functions exposes a Bleichenbacher-style oracle. Exploitation requires an attacker to control input CMS/S/MIME messages and observe decryption errors or output, a scenario deemed unlikely in most Red Hat product deployments. The attack could allow decryption or signing of messages with a victim\u0027s private RSA key.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42768"
},
{
"category": "external",
"summary": "RHBZ#2481892",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481892"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42768",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42768"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42768",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42768"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, applications utilizing CMS_decrypt() or PKCS7_decrypt() should ensure a recipient certificate is always provided to identify the specific RecipientInfo for decryption. This practice helps prevent the Bleichenbacher-style oracle attack by ensuring proper key identification.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()"
},
{
"cve": "CVE-2026-42769",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability allows the attacker to replace the root CA certificate for CMP clients with a fraudulent one. The primary consequence is an escalation of privileges, enabling the attacker to gain control equivalent to the root CA.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue has a Low impact as it requires an attacker to already possess valid Registration Authority (RA) level credentials to exploit. A flaw in the Certificate Management Protocol (CMP) root CA key update process could allow an RA to substitute the root CA certificate for CMP clients with an arbitrary certificate, potentially leading to a trust-anchor substitution. FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42769"
},
{
"category": "external",
"summary": "RHBZ#2481893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42769",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42769"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42769",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42769"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate"
},
{
"cve": "CVE-2026-42770",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481894"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX (X9.42) peer key. Due to improper validation of the peer key\u0027s subgroup membership, an attacker can recover the victim\u0027s private key after a small number of key exchange attempts. This information disclosure can lead to unauthorized access or further compromise of affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: FFC-DH Peer Validation Uses Attacker-Supplied q",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low severity flaw in OpenSSL affects systems configured to use DHX (X9.42) peer keys for key derivation, allowing a malicious peer to potentially recover a victim\u0027s private key. The attack requires specific conditions, such as long-lived RA/CA DHX keys in CMP deployments or bespoke applications utilizing X9.42 DHX static keys with interactive protocols, limiting its broader impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42770"
},
{
"category": "external",
"summary": "RHBZ#2481894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481894"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42770",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42770"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: FFC-DH Peer Validation Uses Attacker-Supplied q"
},
{
"cve": "CVE-2026-43618",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-11T13:09:39.838000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2469054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rsync. An authenticated daemon peer can exploit an integer overflow vulnerability in the compressed-token decoder. By carefully manipulating the compressed-token, a malicious sender can trigger an overflow, leading to remote memory disclosure. This allows an attacker to leak sensitive process memory contents, including environment variables, passwords, and memory pointers, which significantly weakens Address Space Layout Randomization (ASLR) and can facilitate further exploitation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in rsync\u0027s compressed-token decoding allows an authenticated remote attacker to trigger an integer overflow. This can lead to memory disclosure, potentially exposing sensitive information such as environment variables or heap pointers, thereby weakening Address Space Layout Randomization (ASLR) and aiding further exploitation. The vulnerability is present when rsync is configured as a daemon with compression enabled, which is the default for protocols version 30 and higher.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43618"
},
{
"category": "external",
"summary": "RHBZ#2469054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2469054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43618"
}
],
"release_date": "2026-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Disable compression on the rsync daemon by adding `refuse options = compress` to the `rsyncd.conf` file. A restart of the rsync daemon service is required for the change to take effect and may impact transfer performance.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Axios can lead to a client-side Denial of Service. An attacker capable of influencing the XSRF cookie name within a browser environment could trigger excessive regular expression processing, causing the affected browser tab to freeze and degrade user availability. This issue specifically impacts browser-based applications and does not affect Node.js HTTP adapter usage, React Native, or web workers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-45186",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2026-05-10T07:00:47.768180+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468575"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libexpat: denial of service via crafted XML input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted XML file or input with an application linked to the libexpat library. Also, the only security impact of this flaw is a high consumption of CPU resources that can eventually cause a denial of service. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45186"
},
{
"category": "external",
"summary": "RHBZ#2468575",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468575"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45186"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1216",
"url": "https://github.com/libexpat/libexpat/pull/1216"
}
],
"release_date": "2026-05-10T06:36:16.927000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the maximum size of incoming XML payloads. It is especially critical to limit the decompressed size if the application accepts compressed XML files. Also, consider running the application inside a container or a restricted environment to ensure that the high consumption of CPU resources does not affect the host system.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libexpat: denial of service via crafted XML input"
},
{
"cve": "CVE-2026-45445",
"cwe": {
"id": "CWE-1204",
"name": "Generation of Weak Initialization Vector (IV)"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481896"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface (EVP_Cipher()) will have their provided Initialization Vector (IV) silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the confidentiality of encrypted data. Additionally, this issue allows for the universal forgery of authentication tags, undermining the integrity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: AES-OCB IV Ignored on EVP_Cipher() Path",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Moderate severity flaw where applications utilizing the AES-OCB cipher through OpenSSL\u0027s EVP_Cipher() one-shot interface may silently discard the provided initialization vector (IV). This leads to nonce reuse, compromising confidentiality and enabling universal forgery of authentication tags. Red Hat products are primarily affected if they include or rely on third-party applications that specifically employ this less common and discouraged API usage with AES-OCB, as standard OpenSSL SSL/TLS implementations and applications using the recommended streaming AEAD API are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45445"
},
{
"category": "external",
"summary": "RHBZ#2481896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481896"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45445",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45445"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45445",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45445"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: AES-OCB IV Ignored on EVP_Cipher() Path"
},
{
"cve": "CVE-2026-45446",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481897"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The implementations of AES-SIV (Advanced Encryption Standard - SIV) and AES-GCM-SIV (Advanced Encryption Standard - Galois/Counter Mode - SIV) incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages with arbitrary Additional Authenticated Data (AAD) in applications that utilize these specific cipher modes within custom protocols and do not properly handle zero-length ciphertexts. This could lead to unauthorized data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Low impact. It affects applications that utilize OpenSSL\u0027s AES-SIV or AES-GCM-SIV modes within custom protocols and specifically mishandle empty ciphertexts. Standard OpenSSL protocols, such as TLS, are not affected. Successful exploitation requires an application to use the EVP interface and to skip ciphertext updates when processing zero-length ciphertexts, representing an uncommon and non-default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45446"
},
{
"category": "external",
"summary": "RHBZ#2481897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481897"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45446"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45446",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45446"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "The vulnerability arises from specific application implementations using OpenSSL\u0027s AES-SIV or AES-GCM-SIV modes with custom protocols and an atypical handling of empty ciphertexts. As this scenario is not a default or commonly deployed configuration in Red Hat products, and no direct configuration or operational control exists to mitigate this specific flaw without patching, the following applies:\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes"
},
{
"cve": "CVE-2026-45447",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481898"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#7 or S/MIME (Secure/Multipurpose Internet Mail Extensions) signed message, a heap use-after-free vulnerability in the PKCS7_verify() function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, leading to incorrect memory deallocation. A remote attacker could exploit this to cause application crashes, memory corruption, or potentially achieve remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This High severity heap use-after-free flaw in OpenSSL\u0027s PKCS7_verify() function can be triggered by processing a specially crafted PKCS#7 or S/MIME signed message. This could lead to application crashes, memory corruption, or potentially remote code execution, impacting services that handle such messages. The vulnerability specifically affects applications utilizing OpenSSL PKCS#7 APIs, while those using CMS APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45447"
},
{
"category": "external",
"summary": "RHBZ#2481898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481898"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45447"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45447",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45447"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()"
},
{
"cve": "CVE-2026-45736",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-05-15T16:00:55.786944+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in the `ws` WebSocket library for Node.js could lead to sensitive information disclosure. The flaw occurs when a `TypedArray` is specifically provided as the `reason` argument to the `websocket.close()` function, potentially exposing uninitialized memory. Red Hat products utilizing this library may be affected if their implementations allow for such a crafted `close()` call.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "RHBZ#2477914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086",
"url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
}
],
"release_date": "2026-05-15T14:53:57.263000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`"
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `ws` WebSocket library. A remote attacker can exploit this flaw by sending a high volume of small, fragmented data, leading to excessive memory consumption and subsequent process termination. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-24T16:29:56+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6a26bc89c61e7fad594399ceda8e170d66fa241d818eada7a12d9fec6bb08ecc_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:ccd969d2710875e82896556e7b3c02e39147d03612452af6b0a916b656ce5b34_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:16b33ed961e598805d155db8fea7bb293fb8ef95ddd45169c61fbeb5a8944b6b_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:335f5d49155804969d193c3104fd144d7e499e2d5433965b217f379cbcf1cc75_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
}
]
}
SUSE-SU-2025:0156-1
Vulnerability from csaf_suse - Published: 2025-01-17 11:59 - Updated: 2025-01-17 11:59| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rsync",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rsync fixes the following issues:\n\n- CVE-2024-12084: heap buffer overflow in checksum parsing. (bsc#1234100)\n- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)\n- CVE-2024-12086: leak of a client machine\u0027s file contents through the processing of checksum data. (bsc#1234102)\n- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)\n- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)\n- CVE-2024-12747: race condition in rsync handling symbolic links (bsc#1235475)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-156,SUSE-SLE-Module-Basesystem-15-SP6-2025-156,openSUSE-SLE-15.6-2025-156",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0156-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0156-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250156-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0156-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020160.html"
},
{
"category": "self",
"summary": "SUSE Bug 1234100",
"url": "https://bugzilla.suse.com/1234100"
},
{
"category": "self",
"summary": "SUSE Bug 1234101",
"url": "https://bugzilla.suse.com/1234101"
},
{
"category": "self",
"summary": "SUSE Bug 1234102",
"url": "https://bugzilla.suse.com/1234102"
},
{
"category": "self",
"summary": "SUSE Bug 1234103",
"url": "https://bugzilla.suse.com/1234103"
},
{
"category": "self",
"summary": "SUSE Bug 1234104",
"url": "https://bugzilla.suse.com/1234104"
},
{
"category": "self",
"summary": "SUSE Bug 1235475",
"url": "https://bugzilla.suse.com/1235475"
},
{
"category": "self",
"summary": "SUSE Bug 1235895",
"url": "https://bugzilla.suse.com/1235895"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12084 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12085 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12086 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12087 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12088 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12747 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12747/"
}
],
"title": "Security update for rsync",
"tracking": {
"current_release_date": "2025-01-17T11:59:08Z",
"generator": {
"date": "2025-01-17T11:59:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0156-1",
"initial_release_date": "2025-01-17T11:59:08Z",
"revision_history": [
{
"date": "2025-01-17T11:59:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.2.7-150600.3.8.1.aarch64",
"product": {
"name": "rsync-3.2.7-150600.3.8.1.aarch64",
"product_id": "rsync-3.2.7-150600.3.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.2.7-150600.3.8.1.i586",
"product": {
"name": "rsync-3.2.7-150600.3.8.1.i586",
"product_id": "rsync-3.2.7-150600.3.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.2.7-150600.3.8.1.ppc64le",
"product": {
"name": "rsync-3.2.7-150600.3.8.1.ppc64le",
"product_id": "rsync-3.2.7-150600.3.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.2.7-150600.3.8.1.s390x",
"product": {
"name": "rsync-3.2.7-150600.3.8.1.s390x",
"product_id": "rsync-3.2.7-150600.3.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rsync-3.2.7-150600.3.8.1.x86_64",
"product": {
"name": "rsync-3.2.7-150600.3.8.1.x86_64",
"product_id": "rsync-3.2.7-150600.3.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.7-150600.3.8.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64"
},
"product_reference": "rsync-3.2.7-150600.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.7-150600.3.8.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le"
},
"product_reference": "rsync-3.2.7-150600.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.7-150600.3.8.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x"
},
"product_reference": "rsync-3.2.7-150600.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.7-150600.3.8.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64"
},
"product_reference": "rsync-3.2.7-150600.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.7-150600.3.8.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64"
},
"product_reference": "rsync-3.2.7-150600.3.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.7-150600.3.8.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le"
},
"product_reference": "rsync-3.2.7-150600.3.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.7-150600.3.8.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x"
},
"product_reference": "rsync-3.2.7-150600.3.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rsync-3.2.7-150600.3.8.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
},
"product_reference": "rsync-3.2.7-150600.3.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12084"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12084",
"url": "https://www.suse.com/security/cve/CVE-2024-12084"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12084",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1234100 for CVE-2024-12084",
"url": "https://bugzilla.suse.com/1234100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T11:59:08Z",
"details": "critical"
}
],
"title": "CVE-2024-12084"
},
{
"cve": "CVE-2024-12085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12085"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12085",
"url": "https://www.suse.com/security/cve/CVE-2024-12085"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12085",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1234101 for CVE-2024-12085",
"url": "https://bugzilla.suse.com/1234101"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T11:59:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-12085"
},
{
"cve": "CVE-2024-12086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12086"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12086",
"url": "https://www.suse.com/security/cve/CVE-2024-12086"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12086",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1234102 for CVE-2024-12086",
"url": "https://bugzilla.suse.com/1234102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T11:59:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-12086"
},
{
"cve": "CVE-2024-12087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12087"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client\u0027s intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12087",
"url": "https://www.suse.com/security/cve/CVE-2024-12087"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12087",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1234103 for CVE-2024-12087",
"url": "https://bugzilla.suse.com/1234103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T11:59:08Z",
"details": "important"
}
],
"title": "CVE-2024-12087"
},
{
"cve": "CVE-2024-12088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12088"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12088",
"url": "https://www.suse.com/security/cve/CVE-2024-12088"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12088",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1234104 for CVE-2024-12088",
"url": "https://bugzilla.suse.com/1234104"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T11:59:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-12088"
},
{
"cve": "CVE-2024-12747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12747"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync\u0027s handling of symbolic links. Rsync\u0027s default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12747",
"url": "https://www.suse.com/security/cve/CVE-2024-12747"
},
{
"category": "external",
"summary": "SUSE Bug 1233760 for CVE-2024-12747",
"url": "https://bugzilla.suse.com/1233760"
},
{
"category": "external",
"summary": "SUSE Bug 1235475 for CVE-2024-12747",
"url": "https://bugzilla.suse.com/1235475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rsync-3.2.7-150600.3.8.1.x86_64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.aarch64",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.ppc64le",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.s390x",
"openSUSE Leap 15.6:rsync-3.2.7-150600.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-17T11:59:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-12747"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.